ABSTRACT


This thesis presents a polynomial time algorithm for the basic question of Galois theory, 
checking solvability by radicals of a monic irreducible polynomial over the integers. It also 
presents polynomial time algorithms for factoring polynomials over algebraic number fields 
or computing blocks of imprimitivity of roots of a polynomial under the transitive action of 
the Galois group on the roots of the polynomial, and for computing intersections of algebraic 
number fields. (In all of these algorithms it is assumed that the algebraic number field is 
given by a primitive element which generates it over the rationals, and that the polynomial 
in question is monic, with coefficients in the integers.) We also show how to express a root 
in radicals in terms of a straightline program in polynomial time. 


The techniques used include methods from computational complexity and approaches
from the theory of finite permutation groups. The results presented here rely on the recent
work of Lenstra, Lenstra, and Lovász, in which a polynomial time algorithm for factoring
polynomials over the integers is presented.


Many questions remain. Our divide-and-conquer approach answers the question of
solvability without revealing the nature of the group in question; we do not even learn its
order. We suggest this as one of the many open problems that remain to be tackled.

Title: Associate Professor of Applied Mathematics


Acknowledgements 


This thesis would not have been written without John Hopcroft. He urged me not to
leave Cornell, and convinced me to take generals when I did choose to leave; he continued
to encourage me after I had left, and when the opportunity came for me to attend M.I.T.,
I knew I had his support. That support has been of more help to me than he is aware.

Gary Miller, my advisor, has always been a source of enthusiasm and energy. He gave
most generously of his time, and his curiosity and questions provoked many of the results
presented here. A large number of the ideas in this thesis evolved during our conversations
together. I owe him a most hearty thanks.

Warm thanks to my two readers: 

Rich Zippel, whose course inspired the first result of this thesis, and who has tirelessly 
answered my frequent questions, and 

Michael Artin, for his generosity in chocolate bars, ideas and time, and his willingness 
to learn a new vocabulary — the language of complexity — in talking with me. 

It was never easy, and I count myself most fortunate in the love of my good friends.
I would like to take this chance to thank Eric Lander for the sharing of his wisdom,
mathematical and otherwise, and also to thank Larry Carter, Steve Mahaney, Patricia
Sipe and Joan Hutchinson for their strong and continued support. Sandeep Bhatt carefully
read a draft of this thesis, and his gentle criticisms greatly improved it. My sister ran a
one-woman cheering squad over the years and the laughter she raised was a good tonic.

Finally I owe much to Neil, who generously gave of his dreams so that I might pursue
mine.


Table of Contents

Introduction

Chapter I: Background
1. Factoring Polynomials over the Integers
2. Sizes of Coefficients
3. The Norm
4. Computing Greatest Common Divisors

Chapter II: Factoring Polynomials over Algebraic Number Fields
1. An Algorithm
2. Primitive Elements
3. Corollaries
4.

Chapter III: Finding Blocks of Imprimitivity
1. Background
2. An Algorithm
3. A Corollary

Chapter IV: Determining Solvability
1. The Fields Between Q and Q(α)
2. An Algorithm
3. The Fields Between Q and Q(α) and Solvability
4. Another Algorithm
5. How It Fits Together

Chapter V: Expressibility
1. Background
2. Bounds
3. A Straight Line Program

Questions, Conclusions, and More Questions

Appendix

References

Biographical Note

Introduction 


Every high school student knows how to express the roots of a quadratic equation in
terms of radicals; what is less well-known is that this solution was found by the Babylonians
a millennium and a half before Christ [Ne]. Three thousand years elapsed before European
mathematicians determined how to express the roots of cubic and quartic equations in
terms of radicals, and there they stopped, for their techniques did not extend. Lagrange
published a treatise which discussed why the methods that worked for polynomials of degree
less than five did not work for quintic polynomials [Lag], hoping to shed some light on
the problem. Evariste Galois, the young mathematician who died in a duel at the age of
twenty, solved it. In the notes he revised hastily the night before his death, he gave an
algorithm which determines when a polynomial has roots expressible in terms of radicals.
Yet of this algorithm, he wrote, “If now you give me an equation which you have chosen
at your pleasure, and if you want to know if it is or is not solvable by radicals, I need do
nothing more than to indicate to myself or anyone else the task of doing it. In a word, the
calculations are impractical.” [Gal].


They require double exponential time. Through the years other mathematicians —
Zassenhaus, van der Waerden — developed alternate algorithms all of which, however,
remained exponential. A major impasse was the problem of factoring polynomials, for until
the recent breakthrough of Lenstra, Lenstra, and Lovász [L³], all earlier algorithms had
exponential running time. Their algorithm, which factors polynomials over the rationals in
polynomial time, gave rise to a hope that some of the classical questions of Galois theory
might have polynomial time solutions. We answer that the basic question of Galois theory
— is a given polynomial, f(x), over the rationals solvable by radicals — has a polynomial time
solution. That is the main result of this thesis.


Galois transformed the question of solvability by radicals from a problem concerning
fields to a problem about groups. What we do is to change the inquiry into several problems
concerning the solvability of certain primitive groups. Pálfy has recently shown that the
order of a primitive solvable group of degree n is bounded by $24^{-1/3} n^{c}$ for a constant
$c = 3.24399\ldots$ [Pa]. We attempt to construct the Galois group of specified polynomials in
polynomial time. Each polynomial is constructed so that its Galois group acts primitively
on its roots. If we succeed, we use an algorithm of Sims to determine if the groups in
question are solvable. If any one of them is not, the Galois group of f(x) over Q is not
solvable, and hence f(x) is not solvable by radicals. It may happen that we are unable to
compute the groups within the time bound. Then we know that the group in question is not
solvable, since it is primitive by construction, and primitive solvable groups are polynomially
bounded in size.


We first show that there is a polynomial time algorithm for factoring polynomials
over algebraic number fields. We do this by using norms, a method due to Kronecker.
We construct a tower of fields between Q and Q[x]/f(x), by determining elements $\rho_i$,
$i = 0, \ldots, r+1$, such that $Q = Q(\rho_0) \subset Q(\rho_1) \subset \cdots \subset Q(\rho_r) \subset Q(\rho_{r+1}) = Q[x]/f(x)$.
The tower of fields we find is rather special. If $g_{i+1}(y)$ is the minimal polynomial for $\rho_{i+1}$
over $Q(\rho_i)$, then the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ acts primitively on the roots of
$g_{i+1}(y)$. The Galois group of f(x) over Q is solvable iff the Galois group of $g_{i+1}(y)$ over
$Q(\rho_i)$ is solvable for $i = 0, \ldots, r$.


Using a simple bootstrapping technique, it is possible to construct the Galois group of
$g_{i+1}(y)$ over $Q(\rho_i)$ in time polynomial in the size of the group and the length of description
of $g_{i+1}(y)$. Since the $\rho_i$ are determined so that the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ acts
primitively on the roots of $g_{i+1}(y)$, if the group is solvable, it will be of small order. In that
case, we can compute a group table and verify solvability in polynomial time. If it is not
solvable, but it is of small order, we will discover that instead. Otherwise we will learn that
the Galois group of $g_{i+1}(y)$ over $Q(\rho_i)$ is too large to be solvable, and thus that f(x) is not
solvable by radicals over Q.

Our approach combines complexity and classical algebra. We start with a brief introduction
to background algebraic number theory in Chapter I. This sets the stage for the
algorithm for factoring polynomials over algebraic number fields presented in Chapter II.

Chapter III begins the discussion on solvability. The algorithmic paradigm of divide- 
and-conquer finds a classical analogue in the group theoretic notion of primitivity. Galois 
established the connection between fields and groups; permutation group theory explains 
the connection between groups and blocks. Combining these ideas we present an algorithm 
to compute a polynomial whose roots form a minimal block of imprimitivity containing a
root of f(x).

We use this procedure in Chapter IV to succinctly describe a tower of fields between Q
and Q[x]/f(x). A simple divide-and-conquer observation allows us to convert the question of
solvability of the Galois group into several questions of solvability of smaller groups. These
are surprisingly easy to answer, giving us a polynomial time algorithm for the question of
solvability by radicals.

We discuss in Chapter V a method for expressing the roots of a solvable polynomial in
terms of radicals. We present a polynomial time solution to this problem using a suitable
encoding. The thesis concludes with a discussion of open questions.


A note to the reader: This thesis is self contained, but we do assume some knowledge
of algebra. Background and proofs of classical results may be found in Samuel [Sa], van
der Waerden [vdW] or Wielandt [Wie]. In particular the results of Chapter I, §2, Chapter
II, §4 and Chapter III, §3 are more fully presented in Samuel, Chapter II, van der Waerden,
Chapter VIII, and Wielandt, Chapter I respectively.


Chapter I 


Background 


1. Factoring Polynomials over the Integers 


Mathematicians have long sought efficient algorithms for factoring polynomials over the 
rationals. In 1793 Frederick von Schubert showed that the problem of factoring over the 
integers was decidable [Kn]. If f(x) is the polynomial one desires to factor, Von Schubert's
idea was to compute f(1), f(2), ..., f(n) where n is the degree of f(x). Consider a possible
sequence d(1), ..., d(n) where d(i) divides f(i). A sequence defines a potential divisor of f(x),
which can be found by interpolation. All divisors of f(x) can be found in this way — if one
has enough time. The algorithm is highly exponential.

A polynomial is primitive if the greatest common divisor of its coefficients is 1. Gauss 
proved that if a primitive polynomial f(x) ∈ Z[x] can be factored as the product of two
polynomials having rational coefficients, it can be factored as the product of two polynomials
having integer coefficients. Thus to decompose a polynomial f(x) ∈ Q[x] into irreducible
factors is equivalent to factoring a primitive polynomial in Z[x] into irreducible factors in
Z[x]. For the remainder of this thesis we will concern ourselves with monic polynomials
with integer coefficients. 


If one raises questions of efficiency, one must begin by asking how much space is required
to write down the factors of $f(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_0$. The answer is: not very much.
We present a simple bound here; a tighter result may be found in [Mi].

Suppose α ≠ 0 is a root of f(x). Then $|\alpha| < 1 + \max_i |a_i|$ [Ma]. We let $[\![\alpha]\!] = \max_i |\alpha_i|$,
where the $\alpha_i$'s are the conjugates of α over Q. If g(x) is a divisor of f(x), the roots of g(x) are
a subset of the roots of f(z), and g(x) = ll (z—a,). If 9(z) = 2" +b, 12" —1+...+p, 


a ;,aroot 


of 9(x) 
the 6,’s are integers, then 


i, = > ee 
a, ,4 root 
of g(x) 

Thus |b,| < 2"fa]* < (2[o]])", which means that each b; can be expressed in n(log fal) 
digits. There are at most n factors of f(z), and each factor has at most n non-zero 
coefficients; consequently the complete factorization of f(z) requires no more than 
n? log(1 + max,|a;|) space. The factorization of f(z) has polynomial size length. A non- 
deterministic machine could guess the factorization and verify it by multiplying the factors 
together to obtain f(z). It is clear that the verification can be done in polynomial time. 

Algorithms which were developed for factoring polynomials over the integers had exponential
running time. An important one which worked well on average was created by
Zassenhaus in 1969 [Za]. His idea was to factor f(x) mod p, for a carefully chosen prime
p, and then to lift the factorization to $p^k$ for a large integer k. (In 1969, Berlekamp [Be]
discovered an algorithm which factored a polynomial of degree n over Z/pZ in O(n°p) 
steps.) The factorization mod $p^k$ is examined to give a factorization over the integers. This
may be hard as the following example illustrates.

The polynomial whose roots are $\pm\sqrt{2} \pm \sqrt{3} \pm \sqrt{5} \pm \cdots \pm \sqrt{p_n}$, $p_n$ a prime, factors into
linear or quadratic factors mod m for every integer m [Be2, p. 733]. If we consider a reducible
polynomial f(x) with roots in the above form, then factoring mod m gives no information
on how to combine the linear and quadratic terms to yield a factorization of f(x) over the
integers.

Zassenhaus’s algorithm has the problem that its worst case running time is exponential
in the degree. For a time, it seemed it might be easier to check polynomial irreducibility
than to factor. In 1979 Weinberger [Wei] showed that under the Generalized Riemann
Hypothesis, testing irreducibility of polynomials is in polynomial time. In 1981 Cantor
[Can] proved that irreducible polynomials had succinct certificates.

These improvements had no effect on the worst case exponential running time for
polynomial factorization. Finally, in 1982, Arjen Lenstra, Hendrik Lenstra and László
Lovász announced an algorithm [L³] to factor $f(x) = a_m x^m + \cdots + a_0 \in Z[x]$ into
irreducible factors over Z[x] in time

$O(m^{9+\epsilon} + m^{7+\epsilon} \log^{2+\epsilon}(\sum a_i^2))$,

for any ε > 0. Their algorithm incorporated several new ideas. As in previous
algorithms, they factored f(x) over Z/pZ for a suitably chosen p, and raised that
factorization to a factorization over $Z/p^kZ$. They then defined a lattice contained in
$Z + Zx + Zx^2 + \cdots + Zx^{m-1}$ whose basis equals $\{\, p^k x^i \mid 0 \le i < l \,\} \cup \{\, h(x)x^i \mid 0 \le i < m-l \,\}$,
where h(x) is an irreducible factor of f(x) in $Z/p^kZ$, and deg h(x) = l. By finding a “small”
element in the lattice — using a basis reduction algorithm — they determine a factor of f(x).
The L³ algorithm brings many important algorithms into polynomial time. It is natural
to ask if their algorithm can be extended to larger domains. Two domains of interest are:
transcendental extensions and algebraic extensions. In Chapter 2 we show how to factor
polynomials over algebraic number fields in polynomial time. The remainder of this chapter
is devoted to filling in the necessary background for that result.


2. Sizes of Coefficients 


It is a simple matter to show that if g(x) divides f(x) in Z[x], then g(x) is polynomial
size as a function of f(x) to write down. The situation is only slightly more complex in the
case of algebraic number fields. First we recall some definitions. An element α is algebraic
over a field K iff α satisfies a polynomial with coefficients in K. An extension field L is
algebraic over a field K iff every element in L is algebraic over K. It is well known that
every finite extension of a field is algebraic; the finite extensions of Q are called the algebraic
number fields.

Every algebraic number field is expressible as Q(α) for a suitable α. Q(α) is isomorphic
to Q[t]/g(t), where g(t) is the minimal (irreducible) polynomial for α. In our algorithms
we will work with the number field in its formulation as Q[t]/g(t), although certain of our
proofs will be in terms of Q(α). Let the degree of g(t) be m. The conjugates of α are the
remaining roots of g(t): $\alpha_2, \ldots, \alpha_m$; α can be thought of as $\alpha_1$. By the minimality of g(t),
these are all distinct. (Note that the fields $Q(\alpha_i)$ are all isomorphic.) Every element β in
Q(α) can be expressed as $\beta = a_0 + a_1\alpha + \cdots + a_{m-1}\alpha^{m-1}$, with the $a_i$'s ∈ Q, that is,
Q(α) is a vector space of dimension m over Q. This provides a third way to describe an
algebraic number field.

Suppose $\gamma = g_0 + g_1\alpha + \cdots + g_{m-1}\alpha^{m-1}$ is an element in Q(α), and

$\beta = b_{11} + b_{12}\alpha + \cdots + b_{1m}\alpha^{m-1}$
$\beta\alpha = b_{21} + b_{22}\alpha + \cdots + b_{2m}\alpha^{m-1}$
$\vdots$
$\beta\alpha^{m-1} = b_{m1} + b_{m2}\alpha + \cdots + b_{mm}\alpha^{m-1}$

If we define a map from Q(α) to Q(α) by:

$\gamma \mapsto \beta\gamma$,

then the map corresponds to multiplication of the vector $(g_0, \ldots, g_{m-1})$ by the matrix $(b_{ij})$.
If the matrices corresponding to β and γ are B and G, then β + γ corresponds to B + G, and
βγ corresponds to BG. The set of matrices generated in this way form a ring isomorphic to
Q(α). The matrix viewpoint is useful in analyzing certain algorithms. For example, that
we can quickly test linear independence over Q of a set of elements of a number field is
easily proved using these notions from linear algebra. Generally however, we will refer to a
number field as Q(α) or Q[t]/g(t).

It is convenient for us to consider a special class of algebraic numbers, the algebraic
integers. A number α is an algebraic integer iff it is a root of a monic polynomial over Z. Of course,
any polynomial over Q can be multiplied through by its common denominator, yielding a
(not necessarily monic) polynomial over Z. Suppose $\beta_1, \ldots, \beta_m$ satisfy $h(x) = h_m x^m + \cdots + h_0$,
where the $h_i$'s are in Z. Consider the following polynomial time transformation of h(x) into
a monic polynomial with integer coefficients:

$h_m^{m-1} h(x) = (h_m x)^m + h_{m-1}(h_m x)^{m-1} + \cdots + h_m^{m-1} h_0$
$= t^m + h_{m-1} t^{m-1} + \cdots + h_m^{m-1} h_0$
$= g(t)$

The roots of g(t), $h_m\beta_1, \ldots, h_m\beta_m$, are all algebraic integers. For the remainder of this
discussion we assume $\alpha = \alpha_1, \alpha_2, \ldots, \alpha_m$ are algebraic integers satisfying g(t), a monic
irreducible polynomial over Z.


The set of algebraic integers of K = Q(α) form a ring, frequently written $O_K$. This
ring is a natural extension of the integers, and many theorems about the integers can be
generalized for the number rings. Of significance to us is Gauss’ Lemma. It states that if
f(x) is a polynomial in Z[x], f(x) can be factored as the product of two polynomials with
rational coefficients iff f(x) can be factored as the product of two polynomials with integer
coefficients, and can be generalized to:

Proposition 1.1: Let f(x) ∈ $O_K$[x]. Then f(x) factors as the product of two polynomials
with coefficients in K iff f(x) factors as the product of two polynomials with coefficients in
$O_K$.


If we factor f(x), a polynomial in a number ring, the factors of f(x) also lie in the
number ring. It is somewhat more complicated than it was in the case of the integers to
show that factors of f(x) over $O_K$ will have short descriptions. We do so now. First we
need to know what the ring of integers of an algebraic number field looks like. In general,
computing a basis for the ring of integers of an algebraic number field is at least as hard as
determining the squarefree part of an integer [Mar], and it may be as difficult as factoring.
Fortunately it is not necessary to do. We observe the following proposition, whose proof
appears in the appendix.


Proposition 1.2: Let α be an algebraic integer satisfying g(t), a monic irreducible
polynomial over Z. The ring of algebraic integers of Q(α) is contained in (1/d)Z[α], where
$d \mid \mathrm{disc}(g(t)) = \prod_{i<j} (\alpha_i - \alpha_j)^2$.

If we factor a polynomial over Z[α][x], we are guaranteed that the coefficients of the
factors lie in (1/d)Z[α]. In particular, if we show that an integer coefficient of a factor of
a polynomial in a number field is less than the integer “a” say, then the coefficient can be
written as b/d, where |b| < |a||d|. Thus bounding a coefficient in absolute value bounds it
in length of description. (That the number of digits needed to write down d is polynomial
in |g(t)| follows from the fact that $\mathrm{disc}(g(t)) = (-1)^{m(m-1)/2}\,\mathrm{Resultant}(g(t), g'(t))$ [Be, p. 161].
(The resultant is defined in Section 3.))

We consider the question of length in greater detail. If $g(t) = t^m + a_{m-1}t^{m-1} + \cdots + a_0$,
$a_i$ in Z, then we define the size of g(t), $|g(t)| = 1 + \max_i |a_i|$. If $f(x) = \beta_n x^n + \cdots + \beta_0$,
$\beta_i = \sum_{j=0}^{m-1} b_{ij}\alpha^j$, then the size of f(x), $[\![f(x)]\!] = (1 + \max_{i,j} |b_{ij}|)(1 + \max_i |a_i|)^m$. Note
that the size of f(x) in Q[x] includes the size of α as a factor. Following Weinberger
and Rothschild, we define the size of 6, [6], to be the maximum of the absolute values 
of the conjugates of 6. We have defined size of polynomials diffferently from Weinberger 
and Rothschild, but their proof bounding coefficient sizes of factors requires only minor 


modification. 


Theorem 1.3 [Weinberger and Rothschild]: Let 6 be a root of f(z) € Z[a][z], notation 
as above. Then [6] < [[f(z)]]. Assume that f(z) is monic, and let 


A(x) = hy’ + h,—12"—1 +... 4+ ho 


be a factor of f(z) in (1/d)Z[a][z] which is primitive. If hy = (1/d)(cim—1a™—'+...+ 40), - 
then less] < milf s(z)I" aCe)!” 


proof: It is not difficult to see that [a+ 4] < [a] + [6], and that [of] < [af 4]. 
We have noted previously that fa]] < 1-+ max, |a,;| = [9(t)|. A similar argument shows 
that 
[6] < 1+ max [4] 
S (1 + max [b,j[X1 + max|a})™ 
< [f(2)l 
Suppose A(z) | f(z) in Q(a)[z]. By Proposition 1.1, h(x) € (1/d)Z[a}[z]. Now h(z) = 


It — f;), for some S € {1,...,n}. Then [A,] < (4) Fie) This in turn is bounded 
ES 

by [f(z)]”, since 2 < [[f(z)] and 1 < n. We have bounded {[A,] in absolute value, now we 
seek to bound the integer coefficients of h,. 


If $\gamma \in Q(\alpha)$, $\gamma = \sum_{j=0}^{m-1} r_j\alpha^j$, $r_j \in Q$. Define $\gamma_i = \sum_{j=0}^{m-1} r_j\alpha_i^j$, and define a map
$L : C^m \to C^m$ by $L(r_0, \ldots, r_{m-1}) = (\gamma_1, \ldots, \gamma_m)$. Note that this map is invertible and linear.
It is invertible because it is a Vandermonde matrix formed from $\alpha_1, \ldots, \alpha_m$. We have det(L)
= $\mathrm{disc}(g(t))^{1/2}$. Let $|\gamma|_\infty = \max_i |\gamma_i|$, and $|r|_\infty = \max_i |r_i|$. Since all of the $r_i \in Q$,
$\gamma \in Q(\alpha)$, and $|\gamma|_\infty = [\![\gamma]\!]$. The action of L is multiplication by a matrix, which, by
abuse of notation, we also call L, $rL = \gamma$. Thus $r = \gamma L^{-1}$, and $|r|_\infty \le |\gamma|_\infty |L^{-1}|_\infty$,
where |L~ "||, = max() > lj). If r; = c;/d, then ls < d[f(z)]"|Z—" |...
7 i=1 


Next we bound |L~ "|... By expressing L—1 in terms of cofactors of L, we find that 


each entry of L—! is bounded by 


(m— 1a} 


|det(L)| 
Therefore 
m{m—1 
fo] 
| ass ial od Wie 
Pleo < ise(g(t) "7 
Thus 


dl f(a)" fo) 


disc(g(e))7@ seat)" 2Uf(2))"m![a} 


les] < 


A rough bound will do for us. We note that dise(g(t))"/? < fla] =, and that fa] < |g(2)I. 
Thus, 


les] < mI s(z)I" Io)" 


3. The Norm 


It is often easier to compute in the rationals than in the algebraic number fields, because
of the rationals’ simpler structure. A useful tool is the norm, which relates elements in the
number fields to elements in Q. Let Q(α) be an algebraic number field, where α satisfies
g(t), an irreducible polynomial over Q, and let $\beta = a_0 + a_1\alpha + \cdots + a_{m-1}\alpha^{m-1} \in Q(\alpha)$.
Then

$\mathrm{Norm}(\beta) = N(\beta) = \prod_i (a_0 + a_1\alpha_i + \cdots + a_{m-1}\alpha_i^{m-1})$

If $\sigma_j$ is an element of the Galois group of g(t) over Q (see Chapter II, §4), then $\sigma_j(\alpha) = \alpha_j$,
where $\alpha_j$ is a conjugate of α over Q. Then

$\sigma_j(N(\beta)) = \sigma_j(\prod_i (a_0 + a_1\alpha_i + \cdots + a_{m-1}\alpha_i^{m-1}))$
$= \prod_i (a_0 + a_1\sigma_j(\alpha_i) + \cdots + a_{m-1}\sigma_j(\alpha_i)^{m-1})$
$= \prod_i (a_0 + a_1\alpha_i + \cdots + a_{m-1}\alpha_i^{m-1})$

since $\sigma_j$ just permutes the $\alpha_i$'s; thus N(β) ∈ Q. The norm is multiplicative, i.e. N(γβ) =
N(γ)N(β). We can think of a polynomial f(x) ∈ Q(α)[x] as a polynomial in two variables
x and α, and denote it by $f_\alpha(x)$. It is quite natural to extend the definition of norm to
polynomials in Q(α)[x] by

$N(f(x)) = \prod_i f_{\alpha_i}(x)$

If f(x) ∈ Q(α)[x], N(f(x)) ∈ Q[x]. Under appropriate hypotheses, a polynomial in Q(α)[x]
can be factored by taking the norm of the polynomial, factoring the norm over the rationals,
and raising that to a factorization over the number field. This idea is due to Kronecker.
We examine these hypotheses in greater detail.


Theorem 1.4: Let f(x) ∈ Q(α)[x] be irreducible. Then N(f(x)) is a power of an
irreducible polynomial in Q[x].

proof: Suppose not. Then N(f(x)) = C(x)D(x) ∈ Q[x], where C(x) and D(x) are
relatively prime. $N(f(x)) = \prod_i f_{\alpha_i}(x)$; therefore $f_\alpha(x)$ must divide C(x) or D(x) in
Q(α)[x]. Without loss of generality, $f_\alpha(x) \mid C(x)$, which implies that there exists $g_\alpha(x)$ ∈
Q(α)[x] such that $f_\alpha(x) g_\alpha(x) = C(x)$. Let $\sigma : Q(\alpha)[x] \to Q(\alpha_i)[x]$ be an isomorphism. Then
σ(C(x)) = C(x) since C(x) is in Q[x], but $\sigma(f_\alpha(x)) = f_{\alpha_i}(x)$ and $\sigma(g_\alpha(x)) = g_{\alpha_i}(x)$. Thus
we have $f_{\alpha_i}(x) \mid C(x)$ for all $\alpha_i$ which are conjugates of α. Now C(x) and D(x) are relatively
prime. Therefore for all $\alpha_i$, $f_{\alpha_i}(x) \nmid D(x)$, which implies that $N(f(x)) = \prod_i f_{\alpha_i}(x) = C(x)$,
and consequently N(f(x)) is a power of an irreducible polynomial. ∎


Theorem 1.5: Let f(x) ∈ Q(α)[x] be such that N(f(x)) is squarefree. Then if $N(f(x)) =
\prod_i G_i(x)$ is a factorization into irreducible polynomials in Q[x], then $f(x) = \prod_i \gcd(f(x), G_i(x))$
is a factorization into irreducibles in Q(α)[x].

proof: Let $g_i(x) = \gcd(f(x), G_i(x))$. Then we need to show that each $g_i(x)$ is irreducible,
and that each irreducible factor of f(x) appears in $\prod_i g_i(x)$. Let h(x) be an irreducible factor
of f(x) in Q(α)[x]. By Theorem 1.4, N(h(x)) is a power of an irreducible polynomial. But
N(h(x)) | N(f(x)), and N(f(x)) is squarefree; thus $N(h(x)) = G_i(x)$ for some i.

The norm is multiplicative; thus the norm of f(x) equals the products of the norms of
the irreducible factors of f(x). Each $G_i(x)$ is the norm of some irreducible factor of f(x).
The $G_i(x)$’s are all irreducible and distinct, which implies that the $g_i(x)$’s are all distinct
and irreducible. Since all the irreducible factors of f(x) appear as some $\gcd(f(x), G_i(x))$ we
are done. ∎


Our algorithm should now be clear. We begin with f(x). So long as N(f(x)) is
squarefree, we factor it over the rationals, then compute gcd’s to obtain a factorization
over Q(α)[x]. These steps — computing the norm, factoring over the rationals, and taking
gcd’s — are all in polynomial time. The question of what to do if N(f(x)) is not squarefree
remains. Kronecker [Kr] observed that so long as f(x) has no repeated roots in Q(α)[x],
f(x) can be “twiddled” so as to make N(f(x)) squarefree. The proof we present is due to
Trager [Tr].


Lemma 1.6: Let f(z) € Q(a)[z] be a squarefree polynomial of degree n, where [Q(a) : 
Q]=m. Then there are at most fom)t integers s such that N(f(z — sa)) is not squarefree. 


proof: Instead we show that there are at most (n(n−1)m(m−1)) integers s such that
N(f(x − sα)) has a repeated root: this will immediately imply the result. Suppose that the
roots of f(x) are { $\beta_i$ }, then the roots of N(f(x − sα)) are { $\beta_i + s\alpha_j$ }, where the $\alpha_j$'s are
conjugates of α. Then N(f(x − sα)) has a repeated root iff $\beta_i + s\alpha_j = \beta_k + s\alpha_l$, for some
iA k orj #1. This would mean s = (a; — a;)/(B% = fy). (We can divide, since f(z) 
squarefree means that 6; + f; for k 1%.) Clearly there are at most {n(n— tm (mn—1)) such 
8. | 


The algorithm we have suggested to factor polynomials requires the computation of
norms. The coefficients of the norm are all symmetric functions in the $\alpha_i$, since $N(f(x)) =
\prod_i f_{\alpha_i}(x)$. The straightforward way of calculating takes exponential time. Fortunately
there is a way around this difficulty. (The discussion which follows on resultants is from
[vdW, §5.8]; we include it for the sake of completeness.)
Let
$h(x) = h_r x^r + h_{r-1}x^{r-1} + \cdots + h_0$
$k(x) = k_s x^s + k_{s-1}x^{s-1} + \cdots + k_0$
for $h_i, k_i \in K$, a field.
We define the resultant,

$$\mathrm{Res}_x(h(x), k(x)) = \begin{vmatrix}
k_s & 0 & 0 & \cdots & 0 & h_r & 0 & 0 & \cdots & 0 \\
k_{s-1} & k_s & 0 & \cdots & 0 & h_{r-1} & h_r & 0 & \cdots & 0 \\
k_{s-2} & k_{s-1} & k_s & \cdots & 0 & h_{r-2} & h_{r-1} & h_r & \cdots & 0 \\
\vdots & & & & \vdots & \vdots & & & & \vdots
\end{vmatrix}$$

Observe that h(x) and k(x) have common divisor c(x) iff there are polynomials j(x), l(x)
where
h(x)j(x) = k(x)l(x)

and deg(j(x)) < s, deg(l(x)) < r. In this case, $\mathrm{Res}_x(h(x), k(x)) = 0$, since the r + s rows
of the resultant are not linearly independent. The resultant also vanishes if $k_s = h_r = 0$.
These are the only times the resultant vanishes. Let

$h(x) = h_r(x - \alpha_1)\cdots(x - \alpha_r)$

$k(x) = k_s(x - \beta_1)\cdots(x - \beta_s)$.

We view the coefficients of h(x), $h_i$, as symmetric functions in the variables α’s, and
the coefficients of k(x), $k_i$, as symmetric functions in the variables β’s. The resultant is
homogeneous of degree s in the $h_i$, and of degree r in the $k_i$. Then $R(x) = \mathrm{Res}_x(h(x), k(x))$
is equal to $h_r^s k_s^r$ times a symmetric function of the $\alpha_i$, $\beta_j$. If we consider the roots $\alpha_i$, $\beta_j$ as
indeterminates $x_i$, $y_j$, the polynomial R(x) vanishes for $x_i = y_j$, since in this case h(x) and
k(x) have a linear factor in common. Because the linear forms $x_i - y_j$ are relatively prime
to one another, R(x) must be divisible by the product

$T = h_r^s k_s^r \prod_i \prod_j (x_i - y_j)$.

Now $k(x) = k_s \prod_j (x - y_j)$. If we substitute $x = x_i$, we see that:

$\prod_i k(x_i) = k_s^r \prod_i \prod_j (x_i - y_j)$.

Therefore $T = h_r^s \prod_i k(x_i) = (-1)^{rs} k_s^r \prod_j h(y_j)$, and $\mathrm{Res}_x(h(x), k(x)) = h_r^s \prod_i k(\alpha_i)$, where
the $\alpha_i$ are roots of h(x). Then


N(f(z)) = [] fas(#) = Rese(9(t), f(2, #))/9m: 


where f(x, t) is f(x) with t’s substituted in for α’s.

We have introduced the resultant because it is a computationally efficient way to
compute the norm. We now have almost all the tools necessary to factor polynomials over
algebraic number fields. In the next section, we examine gcd algorithms; then we will be
ready to factor polynomials over algebraic number fields.
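The norm computation and the shift of Lemma 1.6, as an added example that is not code from the thesis: for monic g(t) it obtains N(f(x − sα)) = Res_t(g(t), f(x − st, t)) by evaluating Sylvester determinants at nm + 1 integer points and interpolating (a technique chosen here for brevity), then tests squarefreeness with gcd(N, N′). The field Q(√2), the sample f(x) = x² − 2 and all function names are assumptions made for the illustration.

```python
from fractions import Fraction

# Polynomials in one variable: coefficient lists, lowest degree first ([] is 0).
def trim(p):
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p

def add(p, q):
    n = max(len(p), len(q))
    return trim([(p[i] if i < len(p) else 0) + (q[i] if i < len(q) else 0)
                 for i in range(n)])

def mul(p, q):
    out = [Fraction(0)] * max(len(p) + len(q) - 1, 0)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)

def rem(p, q):
    """Remainder of p on division by the nonzero polynomial q, over Q."""
    p = trim(p)
    while len(p) >= len(q):
        k, shift = Fraction(p[-1]) / q[-1], len(p) - len(q)
        p = trim([c - k * q[i - shift] if i >= shift else c
                  for i, c in enumerate(p)])
    return p

def squarefree(p):
    """True iff gcd(p, p') is a nonzero constant (no repeated root)."""
    a, b = trim(p), trim([i * c for i, c in enumerate(p)][1:])
    while b:
        a, b = b, rem(a, b)
    return len(a) == 1

def det(rows):
    """Determinant by exact Gaussian elimination over Q."""
    a = [[Fraction(v) for v in r] for r in rows]
    n, d = len(a), Fraction(1)
    for c in range(n):
        piv = next((r for r in range(c, n) if a[r][c] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != c:
            a[c], a[piv] = a[piv], a[c]
            d = -d
        d *= a[c][c]
        for r in range(c + 1, n):
            k = a[r][c] / a[c][c]
            a[r] = [x - k * y for x, y in zip(a[r], a[c])]
    return d

def resultant(h, k):
    """Res_t(h, k), Sylvester determinant: lc(h)^deg(k) * product of k over roots of h."""
    r, s = len(h) - 1, len(k) - 1
    hi, ki = h[::-1], k[::-1]                      # highest degree first
    rows = [[0] * i + hi + [0] * (s - 1 - i) for i in range(s)]
    rows += [[0] * i + ki + [0] * (r - 1 - i) for i in range(r)]
    return det(rows)

def interpolate(xs, ys):
    """Lagrange interpolation: the polynomial of degree < len(xs) through the points."""
    total = []
    for i, xi in enumerate(xs):
        term = [Fraction(ys[i])]
        for xj in xs[:i] + xs[i + 1:]:
            term = mul(term, [Fraction(-xj, xi - xj), Fraction(1, xi - xj)])
        total = add(total, term)
    return total

def norm_shifted(f, g, s):
    """N(f(x - s*alpha)) in Q[x]; f lists x-coefficients, each a polynomial in t."""
    n, m = len(f) - 1, len(g) - 1
    xs, ys = list(range(n * m + 1)), []
    for c in xs:
        p = []                                     # p(t) = f(c - s*t, t), by Horner
        for coeff in reversed(f):
            p = add(mul(p, [Fraction(c), Fraction(-s)]), coeff)
        ys.append(resultant(g, p) if p else Fraction(0))
    return interpolate(xs, ys)

def first_good_shift(f, g, limit=10):
    """Smallest s in [0, limit) for which N(f(x - s*alpha)) is squarefree."""
    for s in range(limit):
        if squarefree(norm_shifted(f, g, s)):
            return s
    return None

# Constructed sample: alpha = sqrt(2), f(x) = x^2 - 2 = (x - alpha)(x + alpha).
G = [-2, 0, 1]          # g(t) = t^2 - 2
F = [[-2], [], [1]]     # f(x) = x^2 - 2

if __name__ == "__main__":
    for s in range(3):
        nf = norm_shifted(F, G, s)
        print(s, [str(c) for c in nf], squarefree(nf))
```

For the constructed sample, s = 0 and s = 1 give the non-squarefree norms (x² − 2)² and x²(x² − 8), while s = 2 gives (x² − 2)(x² − 18), whose rational factors can then be fed to the gcd step of Theorem 1.5.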


4. Computing Greatest Common Divisors 


Algebraic computation has benefitted from the fact that many classical algorithms in
algebra and number theory are highly efficient. This includes the Euclidean algorithm;
however, a naive implementation runs into the problem of coefficient blowup. Collins, and Brown
and Traub were able to resolve this difficulty by using the theory of subresultants. In our
algorithm, we will need to compute gcd’s of polynomials over Q and over algebraic number
fields.


Theorem 1.7 [Brown]: Let f(z) and g(z) be polynomials over Q[z], of degree m and n 
respectively. Then ged( f(z), 9(z)) can be computed in O{(mez(|f(z)|, |9(z)|)?(maz(m, n)*)) 
steps. 


Corollary 1.8: Let a satisfy a monic irreducible polynomial y(t) over Z of degree yz. Let 
d be the discriminant of >(t). If f(x) is of degree m and g(z) is of degree n are polynomials 
over Ox|[z], K = Q[t]/g(t), then the gced( f(z), g(z)) can be computed in 


O(m((m + n)(log [f(x)] + log fo(z)}}) + log |4(t)|)?((m + n)* + 4°) 


steps. 

proof: We perform Brown's algorithm 1 [Br2] with a minor modification. We assume
that f(x) and g(x) are polynomials in two variables, x and t, and that we compute the gcd
first with respect to x. The way we do this is to compute the gcd of the coefficients of f(x)
and g(x). Suppose c_1(t) and d_1(t) are the respective gcd's of the coefficients. Then we
compute gcd_{Q[t]/g(t)}(f(x)/c_1(t), g(x)/d_1(t)). If G_1(x) = f(x)/c_1(t), G_2(x) = g(x)/d_1(t), then we
successively compute the subresultants G_3, ..., G_k, until the pseudoremainder (G_{k-1}, G_k) = 0.
The coefficients of the pseudoremainders G_i(x) are polynomials in t. Each time however,
that we compute a pseudoremainder G_i(x) we perform the first step of the gcd algorithm on
the coefficients of G_i(x) with respect to g(t). This has the effect of reducing the coefficients
of G_i(x) mod g(t), which is precisely what we want.

Computation of the subresultant requires O((m + n)(log [f(z)] + log [9(z)])?(m + 
n)") steps, since the number of variables, v = 1, the length, 1 = (m+ n)(log [f(x)] + 
log [9(z)]}), 6 = 1 and adds only a constant factor, and d and d2 are bounded by m-+ n. 
Similarly, the time for each pseudodivision by 7(t) is O(((m + n)(log [f(z)] + log [9(z)]}) + 
log |7|(t))?25) steps since the degrees, dg,6 and d are less than m+n, and v, the number 
of variables, is 1. This process must be done at most min(m,n) times; wlog min(m,n). 
Thus the entire computation requires at most O(m((m + n)(log [f(z)] + log [[g(z)]]) + 
plog|(t)|)*((m + n)? + y*)) steps. L 
Chapter II


Factoring Polynomials over Algebraic Number Fields


1. An Algorithm


We have provided the necessary background for factoring polynomials over algebraic
number fields. Let α be a root of g(t), a monic irreducible polynomial with coefficients in
Z, and discriminant d, and suppose f(x) of degree n is a polynomial whose coefficients lie
in O_K, where K = Q(α). We can think of f(x) as a polynomial in two variables, x and α.
(When there is no risk of confusion, we use f(x) and f(x, t) interchangeably.)


In Chapter I, we sketched an algorithm due to Kronecker, for factoring polynomials
over an algebraic number field. We present it here. We find h(x) = gcd(f(x), f'(x)). Then
h(x) is squarefree, and all the irreducible factors of f(x) appear as factors of h(x). We
compute an integer "c" such that N_{Q(α)/Q}(h(x - cα)) = F(x) is squarefree. Using the L^3
algorithm, we factor F(x) = ∏_{i=1}^{r} F_i(x) over Q. By computing the gcd_{Q(α)}(F_i(x), h(x)) for
i = 1, ..., r, we obtain a factorization of h(x) over Q(α). This allows us to determine a
factorization of f(x) over Q(α). We now give an algorithm to factor f(x) over O_K[x] in
O((mn)^{9+ε} log^{2+ε}((mn)^2 |g(t)| [f(x)])) steps.
Algorithm 2.1 FACTOR


input: g(t) ∈ Z[t], monic, irreducible
       f(x) ∈ Q[x, t]; f(x) with coefficients in O_K, K = Q[t]/(g(t))


Step 1: c ← 1
        j ← 0
        c(t) ← cont(f(x, t))
        f(x) ← f(x)/c(t)
        k(x) ← gcd_{Q[t]/g(t)}(f(x), f'(x))
        h(x) ← f(x)/k(x)
Step 2: l(x) ← Res_t(g(t), h(x - ct))
        While (gcd(l(x), l'(x)) ≠ 1), do:
            c ← c + 1
            l(x) ← Res_t(g(t), h(x - ct))
Step 3: Factor l(x) = ∏_{i=1}^{r} F_i(x)
Step 4: For i = 1, ..., r, do:
            f_i(x) ← gcd_{Q[t]/g(t)}(F_i(x + ct), h(x))
Step 5: If (k(x) = 1) then return { f_i(x) }, c(t)
        Else for i = 1, ..., r, do:
            While gcd(F_i(x + ct), k(x)) ≠ 1, do:
                j ← j + 1
                f_{j+r}(x) ← gcd(F_i(x + ct), k(x))
                k(x) ← k(x)/f_{j+r}(x)
return: { f_i(x) }, c(t), where f_i(x) is irreducible and primitive over O_K[x],
        where K = Q[t]/g(t), and f(x) = c(t) ∏_{i=1} f_i(x)
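As an added illustration (not code from the thesis), the sketch below carries out Step 2 of Algorithm 2.1 on a constructed input, g(t) = t^2 - 2 and h(x) = x^2 - 2: it computes the norm N(h(x - cα)) as Res_t(g(t), h(x - ct)) and increments c until that norm is squarefree. Evaluating the Sylvester determinant at integer points and interpolating is a choice made for this example, and all function names are hypothetical.

```python
from fractions import Fraction

# Polynomials are coefficient lists, lowest degree first.
# Constructed sample input: g(t) = t^2 - 2 and h(x) = x^2 - 2, so alpha = sqrt(2).
G = [-2, 0, 1]
H = [[-2], [0], [1]]   # list over powers of x; each entry is a polynomial in t

def pmul(a, b):
    out = [Fraction(0)] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out

def padd(a, b):
    n = max(len(a), len(b))
    a, b = list(a) + [0] * (n - len(a)), list(b) + [0] * (n - len(b))
    return [u + v for u, v in zip(a, b)]

def trim(p):
    p = list(p)
    while len(p) > 1 and p[-1] == 0:
        p.pop()
    return p

def det(rows):
    """Determinant by Gaussian elimination over the rationals."""
    m = [[Fraction(v) for v in r] for r in rows]
    d = Fraction(1)
    for k in range(len(m)):
        piv = next((r for r in range(k, len(m)) if m[r][k] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != k:
            m[k], m[piv] = m[piv], m[k]
            d = -d
        d *= m[k][k]
        for r in range(k + 1, len(m)):
            f = m[r][k] / m[k][k]
            m[r] = [u - f * v for u, v in zip(m[r], m[k])]
    return d

def resultant(g, p):
    """Res_t(g, p): determinant of the Sylvester matrix of g and p."""
    g, p = trim(g), trim(p)
    if p == [0]:
        return Fraction(0)
    m, n = len(g) - 1, len(p) - 1
    rows = [[0] * i + g[::-1] + [0] * (n - 1 - i) for i in range(n)]
    rows += [[0] * i + p[::-1] + [0] * (m - 1 - i) for i in range(m)]
    return det(rows)

def norm(g, h, c):
    """N(h(x - c*alpha)) = Res_t(g(t), h(x - c*t)), rebuilt by interpolation in x."""
    deg = (len(h) - 1) * (len(g) - 1)        # degree bound for the norm in x
    xs, ys = list(range(deg + 1)), []
    for x0 in xs:
        p, power = [0], [1]
        for coeff in h:                      # substitute x = x0 - c*t
            p = padd(p, pmul(coeff, power))
            power = pmul(power, [x0, -c])
        ys.append(resultant(g, p))
    total = [Fraction(0)]
    for i, xi in enumerate(xs):              # Lagrange interpolation
        term = [ys[i]]
        for j, xj in enumerate(xs):
            if j != i:
                term = [v / (xi - xj) for v in pmul(term, [-xj, 1])]
        total = padd(total, term)
    return trim(total)

def is_squarefree(p):
    """p is squarefree over Q iff gcd(p, p') is a nonzero constant."""
    a = [Fraction(v) for v in trim(p)]
    b = trim([i * v for i, v in enumerate(a)][1:] or [0])
    while b != [0]:
        r = a
        while len(r) >= len(b) and r != [0]:     # remainder of r modulo b
            f, s = r[-1] / b[-1], len(r) - len(b)
            r = trim([v - f * b[i - s] if i >= s else v for i, v in enumerate(r)])
        a, b = b, r
    return len(a) == 1

def find_c(g, h):
    """Step 2 of FACTOR: the first c = 1, 2, ... whose norm is squarefree."""
    c = 1
    while not is_squarefree(norm(g, h, c)):
        c += 1
    return c, norm(g, h, c)
```

For this input c = 1 gives the norm x^4 - 8x^2, which has the repeated root 0, so the loop moves on to c = 2 and returns x^4 - 20x^2 + 36 = (x^2 - 2)(x^2 - 18).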
Theorem 2.1: Algorithm 2.1 computes a factorization of f(x), a polynomial of degree n
over O_K[x] into irreducible factors in O_K[x]. It does so in
O((mn)^{9+ε} log^{2+ε}(m^2 n^2 |g(t)| [f(x)])) steps.


proof: The algorithm has four major steps. Step 1 transforms f(x) into a primitive
polynomial and computes the squarefree part of f(x), h(x). In order to factor f(x) it suffices
to factor h(x). Step 2 computes an integer c such that Norm_{(Q[t]/g(t))/Q}(h(x - ct)) is
squarefree. Lemma 1.6 guarantees that there is a c less than (degree(g(t)) degree(f(x)))^2
which yields h(x - ct) which has squarefree norm.

In Step 3, we factor l(x) = N(h(x - ct)). Theorem 1.6 assures us that if l(x) = ∏_{i=1}^{r} F_i(x)
is a complete factorization of l(x) in Q[x], then

h(x - ct) = ∏_{i=1}^{r} gcd(F_i(x), h(x - ct)) = ∏_{i=1}^{r} f_i(x - ct)

will be a complete factorization of h(x - ct) in Q(α)[x]. We are interested in a factorization
of h(x) however; instead we compute f_i(x) = gcd(F_i(x + ct), h(x)). We are nearly done.
All that remains to be done is the factorization of k(x), but all irreducible factors of k(x)
appear as factors of h(x). By computing gcd's, Step 5 computes a complete factorization of
k(x).

By the work of Collins, Brown and Traub on polynomial gcd's, it is clear that all of the
above steps can be done in polynomial time. We do a careful analysis to obtain the bounds
of the theorem. (Note that the work of Weinberger and Rothschild shows that h(x) in Step
1, and the f_i(x) in Steps 4 and 5 are polynomial size in (log [f(x)], log |g(t)|, m, n) to write
down.)

Step 1 requires n gcd's of polynomials in a single variable to obtain c(t), and one gcd
over Q[t]/g(t) to obtain k(x) and h(x). The time required for Step 1 is subsumed by the
time required for Steps 2 and 4.

In Step 2, we must find a c such that Norm_{(Q[t]/g(t))/Q}(h(x - ct)) is squarefree. We
compute the norm by resultants. The resultant is the determinant of a 2m × 2m matrix
whose entries are polynomials in x. The integer coefficients of these polynomials are bounded
by (mn)™+! ml] f(2)I" g(t)!" in absolute value, and therefore the integer coefficients of 
the resulting polynomial, the norm, are bounded by (2m)!((mn)™+!m![[ f(z)]"I9(t)" 2”. 
We need to determine if N(h(x - ct)) is squarefree; we do this by computing the gcd of
N(h(x - ct)) and N'(h(x - ct)) over Q[x]. Now the roots of N(h(x - ct)) are of the form
β + cα, where β is a root of f(x), and α is a root of g(t). Thus

|β + cα| < c|β||α| < (mn)^2 [f(x)] |g(t)|

It follows that the integer coefficients of N(h(x - ct)) and N'(h(x - ct)) are less than
((mn)^2 [f(x)] |g(t)|)^{mn} since the polynomials are of degree at most mn. By Brown [Br2] this
ged requires at most O((mn(log((mn)?{f(z)}]|9(t)|))?(mn)*) =O(m5n®] f(z)]]|9(t)|) steps. 

Step 3 factors l(x) = N(h(x - ct)) which is squarefree. As before, the integer coefficients
of N(h(x - ct)) are less than ((mn)^2 [f(x)] |g(t)|)^{mn} in absolute value, or require at most
mn log(m^2 n^2 [f(x)] |g(t)|) bits to write down. Thus l(x) can be factored in O((m^{7+ε} n^{7+ε})
(mn log(m^2 n^2 [f(x)] |g(t)|))^{2+ε}) = O(m^{9+ε} n^{9+ε} log^{2+ε}(m^2 n^2 [f(x)] |g(t)|)) steps.

In Step 4, we compute at most n gcd's of polynomials. The factors determined
in Step 3 of the Algorithm are of degree at most mn, and have coefficients of length
at most mn log(m^2 n^2 [f(x)] |g(t)|) bits, while h(x) is of degree at most n, with integer
coefficients requiring at most n log [f(x)] + m^2 log |g(t)| bits. Thus this step can be done in
O((mn)*(n] f(z)]] + m?[[9(t)]})?)) steps. Finally the running time in Step 5 is dominated by 
that of Step 4. Our total running time is dominated by Step 3 of the algorithm, and the
theorem is proved.


The running time of the algorithm we present to factor polynomials over algebraic
number fields is dominated by the time required by the L^3 algorithm to factor polynomials
over the integers. We expect that the running time of this algorithm will be improved. To
simplify what is to follow, we let F(log |g(t)|, m, log [f(x)], n) be the time required to factor
f(x) of degree n over Q[t]/g(t), where g(t) is a monic irreducible polynomial of degree m
over the integers, and f(x) ∈ O_K, where K = Q[t]/g(t).
2. Primitive Elements


We observed earlier that an algebraic number field can be written as Q(α) for an
appropriate α. In our algorithm, we assumed that the number field over which we are
factoring was presented as Q(α). Suppose we were asked to factor f(x) ∈ Q(α, β)[x];
how would we proceed? We could calculate a primitive element for Q(α, β), and apply
Algorithm 2.1 directly. Alternatively, we might observe that

N_{Q(α,β)/Q}(f(x)) = N_{Q(α)/Q}(N_{Q(α,β)/Q(α)}(f(x))).

In order to factor f(x) over Q(α, β), we could compute N_{Q(α,β)/Q(α)}(f(x)), and then
consider the question of factoring that polynomial over Q(α). Such an approach leads to a
bootstrapping technique for factoring which is, in some cases, faster than the method of
finding a primitive element. For later applications however, we have found it useful, and
not more costly to obtain a primitive element.

If β satisfies h(x), an irreducible polynomial over Q(α), then whenever N_{Q(α)/Q}(h(x - cα))
is squarefree, Q(β + cα) = Q(α, β). This is a consequence of Theorem 1.6. We prove this
result.


Proposition 2.2: Let α satisfy g(t), a monic irreducible polynomial of degree m over
Z, and let β satisfy h(x), a monic irreducible polynomial of degree n over K = Q(α) with
coefficients in O_K. Then there is an integer c less than (mn)^2 such that Q(cα + β) =
Q(α, β). Furthermore, let f(x) be the minimal polynomial for cα + β over Q which has
integer coefficients and is monic. Then [f(x)] < (mn [h(x)] |g(t)|)^{mn} and deg(f(x)) = mn.


proof: Pick an integer c such that N_{Q(α)/Q}(h(x - cα)) is squarefree and consider
h(x - cα) = h(x - cy, y) as a polynomial in two variables. Then α is a root of h(β - cy, y).
Let the roots of g(t) be α_1 (= α), α_2, ..., α_m. Observe that α_i ≠ α is not a root of
h(β - cy, y) since otherwise N_{Q(α)/Q}(h(x - cα)) = ∏_i h(x - cα_i) would have a multiple
root β, and would not be squarefree. We see that y - α = gcd(h(β - cy, y), g(y)). This
means α is in Q(β + cα), and consequently that Q(cα + β) = Q(α, β). Then f(x) =
N_{Q(α)/Q}(h(x - cα)) is the minimum polynomial for cα + β over Q. Since the roots of f(x)
are { β_i + cα_j | 1 ≤ i ≤ n, 1 ≤ j ≤ m },

[f(x)] < (|β_i| + c|α_j|)^{mn}
       ≤ (mn [h(x)] |g(t)|)^{mn}.

That degree(f(x)) = mn is obvious.


3. Corollaries 


The ability to factor allows many other computations. Questions whose solutions were
infeasible are now in polynomial time. We list several consequences of Algorithm 2.1 before
we turn to Galois theory.


Corollary 2.3: Factoring multivariate polynomials over algebraic number fields is
polynomial time reducible to factoring multivariates over the rationals.


proof: The algebraic property necessary for the proofs of Theorems 2 and 3 is that
Q(α)[x] is a unique factorization domain. Since Q(α)[x_1, ..., x_n] is also, Theorems 2 and 3
extend to these domains. To prove Lemma 4, we consider f(x_1, ..., x_n) ∈ Q(α)[x_1, ..., x_n] as
a polynomial in x_1 with coefficients in Q(α)[x_2, ..., x_n]. (Note that since we can factor n + 1
variable polynomials over Q, we can compute the gcd of n variable polynomials over Q(α).)
Let deg_{x_1}(f(x_1, ..., x_n)) = n_1, and [Q(α) : Q] = m. As before, we assume f(x_1, ..., x_n) is
squarefree; otherwise we take the gcd to obtain the square free part of f(x_1, ..., x_n). Then
N(f(x_1, ..., x_n)) has no repeated roots. Viewing f(x_1, ..., x_n) as a polynomial in x_1 with
coefficients in Q(α)[x_2, ..., x_n], it has n_1 roots. The proof of the lemma goes through as
before, and we obtain our reduction.


Kaltofen [Ka1], [Ka2], and A. Lenstra [Lpc] have independently shown that factoring
a polynomial with a bounded number of variables over the rationals is polynomial time
equivalent to factoring a univariate polynomial over the rationals. In light of Corollary 2.3
and the earlier [L3] result, we conclude that factoring a polynomial with a bounded number
of variables over an algebraic number field presented as Q(α) can be done in polynomial
time.
Corollary 2.4: Let α satisfy g(t), an irreducible polynomial of degree m over Z, and let β
satisfy f(x), an irreducible polynomial of degree n over Z[α]. Then determining if the
intersection of Q(α) and Q(β) is Q can be done in time polynomial in (log |g(t)|, log [f(x)], m, n).


proof: Let h(x) be the minimal polynomial of β over Q. If α does not satisfy h(x), (i.e.
α and β are not conjugates over Q), then Q(α) ∩ Q(β) = Q iff h(x) remains irreducible over
Q(α). If α is a root of h(x), then Q(α) ∩ Q(β) = Q iff h(x)/(x - α) is irreducible over Q(α).

Those number fields, Q(α), which are distinguished by the fact that α may be expressed
as a combination of several m-th roots are called the radical number fields.

Corollary 2.5: Finding bases for radical number fields can be done in polynomial time.

Corollary 2.6: Finding bases for algebraic number fields can be done in polynomial time.


For a long time normal polynomials (polynomials which factor completely upon adjoining
a single root) were most difficult to factor. In the next section, we will present a brief
background to Galois theory. However we would like to note the following corollary:


Corollary 2.7: Let f(x) ∈ Z[x] be of degree n. Then f(x) can be checked for normality
in time polynomial in (log |f(x)|, n). Furthermore, if f(x) is normal, computing its Galois
group can be done in time polynomial in (log |f(x)|, n).


4. A Brief Introduction to Galois Theory 


Let K be an algebraic number field, and let f(x) be a polynomial with coefficients in K,
with roots α_1, ..., α_m. Then K(α_i) ≅ K[x]/f(x) ≅ K(α_j), but in general, K(α_i) ≠ K(α_j)
for i ≠ j. The field K(α_1, ..., α_m) is called the splitting field of f(x) over K. We consider
the set of automorphisms of K(α_1, ..., α_m) which leave K fixed. These form a group,
called the Galois group of K(α_1, ..., α_m) over K. As we can think of these automorphisms as
permutations on the α_i, this group is sometimes referred to as the Galois group of f(x) over
K. The Galois group is transitive on { α_1, ..., α_m }, that is, for each pair α_i and α_j there is
an element σ in G, with σ(α_i) = α_j. Galois' deep insight was to discover the relationship
between the subgroups of the Galois group G, and the subfields of K(α_1, ..., α_m).

Let H be a subgroup of G. We denote by K(α_1, ..., α_m)^H the set of elements of
K(α_1, ..., α_m) which are fixed by H. This set forms a field, for if β and γ are fixed by all
σ in H, then so are β + γ, β × γ, and (for γ ≠ 0), β/γ. Furthermore H fixes K so that we
have

K ⊂ K(α_1, ..., α_m)^H ⊂ K(α_1, ..., α_m)

Conversely suppose that K(γ) is a field such that K ⊂ K(γ) ⊂ K(α_1, ..., α_m). Then
γ can be written as a polynomial in α_1, ..., α_m, and H, the subgroup of G which fixes K(γ)
consists of those elements of G which fix γ. The relationship between the fields and the
groups can be more formally stated as:


Fundamental Theorem of Galois Theory: Let K be a field, and let f(x) with roots
α_1, ..., α_m, be irreducible over K[x]. Then:

(1) Every intermediate field K(β), K ⊂ K(β) ⊂ K(α_1, ..., α_m) defines a subgroup H
of the Galois group G, namely the set of automorphisms of K which leave K(β) fixed.

(2) K(β) is uniquely determined by H, for K(β) is the set of elements of K(α_1, ..., α_m)
which are invariant under the action of H.

(3) H is normal iff K(α_1, ..., α_m) over K(β) is a Galois extension, that is, iff the minimal
polynomial for β over K splits into linear factors over K(α_1, ..., α_m). In that case, the Galois
group of K(β) over K is G/H.

(4) |G| = [K(α_1, ..., α_m) : K], and |H| = [K(α_1, ..., α_m) : K(β)].

Once the Galois group is known, the Fundamental Theorem allows us to determine all
intermediate fields:


Theorem A: Let the hypothesis be as in the Fundamental Theorem. If

K ⊂ L_1 ⊂ L_2 ⊂ K(α_1, ..., α_m)

then the group G_2 corresponding to L_2 is a subgroup of the group G_1 corresponding to L_1,
and vice versa.


Theorem B: Let the hypothesis be as in the Fundamental Theorem. Then:

(1) Let L_1 and L_2 be two subfields of K(α_1, ..., α_m) which contain K. Suppose H_1
and H_2 are the subgroups of G which correspond to L_1 and L_2 respectively. Then H_1 ∩ H_2
is the subgroup of G corresponding to L_1L_2.
(2) The field corresponding to H_1H_2 is L_1 ∩ L_2.


We want to know the answer to the following question: What irreducible equations have
the property that their roots can be expressed in terms of the elements of the base field K
by means of rational operations and taking radicals? Let us be more precise. In general √a
is a many valued function, as in, for example √1. We will require that all solutions to the
equation in question be represented by expressions of the form:
v 


eae (*) 


(or similar ones), and that these expressions are to represent solutions of the equation for 
any choice of the radicals appearing. (If a radical appears more than once, it is assigned 
the same value each time.) 

Since roots of unity can always be expressed in terms of radicals, let us consider for a
moment determining expressibility of a root in radicals over Q(ζ_m), where ζ_m is a primitive
m-th root of unity. This will simplify the situation. (We will discuss the question of
expressing roots of unity in terms of radicals in Chapter V.) Suppose a root α_i is expressible
in terms of radicals, and the expression is an m-th root. If m is not prime, m = m_1 m_2.
Then taking an m-th root could be broken into two steps, first taking an m_1-th root, then an
m_2-th root. By further decomposition, one need only take roots of prime degree. This would
give rise to a series of field extensions, Q(ζ_m) = F_k ⊂ F_{k-1} ⊂ ... ⊂ F_0, where F_{i-1} is
an extension of F_i which arises by taking a p-th root of an element in F_{i-1}. Each F_{i-1}
is a Galois extension of F_i. The accompanying lattice of groups, G_0 ⊂ G_1 ⊂ ... ⊂ G_k =
G, where G_i is the subgroup of G which fixes F_{i-1}, satisfies the following two important
conditions: G_{i-1} is normal in G_i, and G_i/G_{i-1} is of prime order. A group which satisfies
these two conditions is called solvable. Galois showed that f(x) is solvable in radicals iff the
Galois group of f(x) over Q is solvable.


Fundamental Theorem on Equations Solvable by Radicals:

(1) If one root of an irreducible equation f(x) over K can be represented by an expression
of the form (*), then the Galois group of f(x) over K is solvable.

(2) Conversely, if the Galois group of f(x) over K is solvable, then all roots can be
represented by expressions (*) in such a way that the successive extensions F_{i-1} over F_i
are extensions of prime degree, with F_{i-1} = F_i(\sqrt[p]{a_i}), with a_i ∈ F_i, and x^p - a_i irreducible
over F_i.


The problem of checking solvability by radicals can be converted to a problem of 
determining if a group is solvable. On first glance, it is not obvious that this reduction 
is useful. How does one check solvability of a group? Various algorithms exist [Sims], [FHL] 
which can do this in polynomial time given generators of the group. Since there is at present 
no polynomial time algorithm for determining the generators of the Galois group, we do not 
use this approach. An obvious approach is to divide-and-conquer, and solvability provides 
a natural way to do this. If H is a normal subgroup of G, then G is solvable iff H and G/H 
are. Finding the right set of H's is the key to solving this problem, and is the subject of 
the next chapter. 
Chapter III


Finding Blocks of Imprimitivity


1. Background

The Galois group, G, is a transitive permutation group on the set of roots,

{α_1, ..., α_m} = Ω

We define:

G_α = {σ ∈ G | σ(α) = α}

and we call G regular if G is transitive and G_α = 1 for all α. A fundamental way the action
of a permutation group on a set breaks up is into blocks: a subset B is a block iff for every σ
in G, σ(B) ∩ B = B or ∅. It is not hard to see that if B is a block, σB is also. Every group
has trivial blocks: {α} or Ω. The nontrivial blocks are called blocks of imprimitivity, and
a group with only trivial blocks is called a primitive group. The set of all blocks conjugate
to B: B, σ_2B, ..., σ_kB, form a complete block system. If B ≠ Ω is a maximal block of G we
can consider an induced action of G on { B, σ_2B, ..., σ_kB }. Our idea is to construct minimal
blocks of imprimitivity, and to consider actions on the blocks. In this section we provide
the background necessary for our algorithm. Our first theorem is the following well known
characterization of primitive groups.


Theorem 3.1: Let α ∈ Ω, |Ω| ≠ 1. Then the transitive group G on Ω is primitive iff
G_α is maximal.

proof: Let Δ be a nontrivial block containing α, and suppose β ≠ α ∈ Δ. Define

H = {σ ∈ G | σ(Δ) = Δ}

Then G_α ⊆ H. G is transitive, thus there is a σ ∈ G with σ(α) = β. In particular, there
is a σ ∈ H with σ(α) = β. Then G_α ⊊ H. Furthermore Δ ≠ Ω, so H ≠ G, and therefore
G_α is not maximal.

Next assume there is a subgroup H of G with G_α ⊊ H ⊊ G. We let

Δ = {σ(α) | σ ∈ H},

and we claim that Δ is a block. If β is in Δ ∩ τΔ for some τ, an element of G, then

β = σ_1(α) = τσ_2(α)

with σ_1, σ_2 belonging to H. This means that σ_1^{-1}τσ_2 are elements in G_α. But σ_1, σ_2 are in
H, and thus τ is an element of H. But G_α ⊊ H means that Δ contains some element other
than α. But Δ = τΔ only for τ in H. We know that H ⊊ G implies that Δ ≠ Ω. Therefore
G is imprimitive.

Actually the same proof may be used to show the stronger:


Proposition 3.2: The lattice of groups between G_α and G is isomorphic to the lattice
of blocks containing α.


Let α be a root of f(x). If f(x) is a normal polynomial, i.e. f(x) factors completely in
Q(α)[x], the Galois group can be computed easily. Suppose f(x) = (x - α)(x - α_2)...(x - α_m)
in Q(α)[x], then the α_i's will be expressed as polynomials in α, α_i = p_i(α). Since the Galois
group is a permutation group of order n on n elements, for each α_i there is a unique σ_i in G
with σ_i(α) = α_i = p_i(α). Then σ_i(α) = p_i(α) implies that σ_i(α_j) = σ_i(p_j(α)) = p_j(σ_i(α))
= p_j(p_i(α)), and the action of σ_i on Ω is easily determined. We can construct a group table
for G and identify a set of minimal blocks in polynomial time. Of course, the case that
f(x) is normal happens only rarely. But it is not much more difficult to construct minimal
blocks in the general case.
Theorem 3.3: Let Δ ⊆ Ω, and α ∈ Ω. Then

Λ = ∩_{α ∈ σ(Δ)} σ(Δ)

is a block of the transitive group G.


proof: Let σ be an element of G, and suppose Λ ∩ σΛ ≠ ∅. Let α be in σΛ, then α an
element of τΔ implies α is in στΔ. Then Λ ⊆ σΛ. But we know that |Λ| = |σΛ|, which
means that Λ = σΛ.

Next suppose β ∈ Λ ∩ σΛ. Since G is a transitive group, there is a τ ∈ G with τ(α) = β.
Then α is an element of τ^{-1}Λ and τ^{-1}σΛ as well as in Λ. This means that

Λ = τ^{-1}Λ = τ^{-1}σΛ

and in particular σΛ = Λ. Then Λ is a block of G.


Corollary 3.4: Let

Λ = {β | σ(β) = β (∀σ ∈ G_α)}

Then Λ is a block of G.


proof: We let Δ = Λ. The corollary follows immediately from Theorem 3.3, since
σ(α) = α for all σ in G_α.


Theorem 3.1 gives a characterization of primitive groups. We offer as an alternate
characterization one that will allow us to compute blocks of imprimitivity.


Theorem 3.5: Let α be an element of Ω, |Ω| ≠ 1. Then the transitive group G on Ω is
primitive iff ∀β ≠ α, G_αG_β = G, or G is regular of prime degree.


proof: We suppose G is not regular.

Let Δ be a nontrivial block of imprimitivity, with α, β elements of Δ, with α ≠ β.
Then G_α, G_β ⊆ G_Δ implies G_αG_β ⊆ G_Δ. Since Δ is a nontrivial block of imprimitivity,
G_Δ ≠ G, and we conclude G_αG_β ≠ G.

Next we assume G_αG_β ≠ G for some β ≠ α. Let

Δ = {σ(α) | σ ∈ G_αG_β}

We claim Δ is a block. For suppose γ is contained in Δ ∩ τΔ, τ an element of G. Then γ =
σ_1(α) = τσ_2(α), for some σ_1, σ_2 in G_αG_β. But α = σ_1^{-1}τσ_2(α) implies that σ_1^{-1}τσ_2 is
in G_α. Since σ_1, σ_2 are both in G_αG_β, we have τ is an element of G_αG_β; therefore Δ = τΔ,
and Δ is a block. If Δ is nontrivial we are done.

Suppose Δ = {α}. Then G_α = G_β, and we let

Λ = {γ | σ(γ) = γ ∀σ ∈ G_α}

We know α, β are in Λ, so Λ is nontrivial. Furthermore G is transitive, so Λ ≠ Ω. By
Corollary 3.4, Λ is a block.

Our final case occurs when Δ = Ω. Let τ be an element of G, and suppose τ(α) = γ.
Then there is a σ in G_αG_β, with σ(α) = γ. Thus τ^{-1}σ(α) = α, and τ^{-1}σ belongs to G_α.
But this would mean that τ is in G_αG_β, and that G_αG_β = G, contrary to assumption. We
are done.


Proposition 3.6: Suppose G acts transitively on Ω, and G_α has no fixed points except
α. Let Λ be a minimal nontrivial block containing α. Then for all γ in Λ, γ ≠ α, Λ =
{σ(α) | σ ∈ G_αG_γ}.


proof: Let γ be in Λ, γ ≠ α. Then we let Δ = {σ(α) | σ ∈ G_αG_γ}. Since G_αG_γ ⊆ G_Λ,
we have Δ ⊆ Λ.

Next, suppose β is an element in Δ ∩ τΔ for some τ in G. Then β = σ_1(α) and
β = τσ_2(α), with σ_1, σ_2 elements in G_αG_γ. But α = σ_1^{-1}τσ_2(α) means that σ_1^{-1}τσ_2 is an
element of G_α. Then τ belongs to G_αG_γ, and τΔ = Δ. Therefore Δ is a block. But Λ is a
minimal nontrivial block containing α; therefore Δ = Λ.


Proposition 3.6 provides the backbone of our algorithm. Since the roots of the irreducible
factors of f(x) form the orbits of G_α, the orbit structure of G_α can be determined
from a factorization of f(x) in Q(α)[x]. Similarly we can deduce the orbit structure of G_β
from a factorization of f(x) in Q(β)[x]. By considering a factorization of f(x) in Q(α, β)[x],
we can tie together the orbit structures of G_α and G_β in such a way as to determine if
G_αG_β = G. By transitivity, α can be fixed, and we need loop only over β.
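The characterization in Theorem 3.5 and Proposition 3.6 can be checked directly on small permutation groups. The following added example (not part of the thesis) works with explicit permutations instead of factorizations of f(x), reads the product of two stabilizers as the subgroup they generate (an assumption, in line with how the proofs use it), and runs on three constructed groups; all names are hypothetical.

```python
# Permutations of {0, ..., n-1} are tuples: s[i] is the image of point i.

def compose(p, q):
    """Apply q first, then p."""
    return tuple(p[q[i]] for i in range(len(q)))

def generate(gens, n):
    """All elements of the group generated by gens (closure under the generators)."""
    identity = tuple(range(n))
    seen, todo = {identity}, [identity]
    while todo:
        s = todo.pop()
        for g in gens:
            t = compose(g, s)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def stabilizer(group, a):
    """G_a: the elements of the group that fix the point a."""
    return [s for s in group if s[a] == a]

def orbit(gens, a):
    """Orbit of a under the group generated by gens."""
    seen, todo = {a}, [a]
    while todo:
        p = todo.pop()
        for g in gens:
            if g[p] not in seen:
                seen.add(g[p])
                todo.append(g[p])
    return frozenset(seen)

def is_block(group, block):
    """Definition from the text: every image of the block equals it or misses it."""
    images = (frozenset(s[b] for b in block) for s in group)
    return all(img == block or not (img & block) for img in images)

def block_containing(gens, n, a=0):
    """Return (from_fixed_points, block) for the point a.

    If G_a fixes further points, those fixed points are returned; they form a
    block by Corollary 3.4 (the refinement to a minimal block is not reproduced).
    Otherwise the smallest orbit of a under <G_a, G_c>, c != a, is returned: a
    minimal nontrivial block by Proposition 3.6, or every point when the group
    is primitive (Theorem 3.5).
    """
    group = generate(gens, n)
    g_a = stabilizer(group, a)
    fixed = frozenset(b for b in range(n) if all(s[b] == b for s in g_a))
    if len(fixed) > 1:
        return True, fixed
    best = frozenset(range(n))
    for c in range(n):
        if c != a:
            cand = orbit(g_a + stabilizer(group, c), a)
            if len(cand) < len(best):
                best = cand
    return False, best

# Constructed sample groups, given by generators.
# S_3 wr S_3 on 9 points, imprimitive with blocks {0,1,2}, {3,4,5}, {6,7,8}.
WREATH = [
    (1, 0, 2, 3, 4, 5, 6, 7, 8),   # (0 1)
    (1, 2, 0, 3, 4, 5, 6, 7, 8),   # (0 1 2)
    (3, 4, 5, 0, 1, 2, 6, 7, 8),   # swap the first two blocks
    (3, 4, 5, 6, 7, 8, 0, 1, 2),   # cycle the three blocks
]
S4 = [(1, 0, 2, 3), (1, 2, 3, 0)]  # primitive on 4 points
D4 = [(1, 2, 3, 0), (0, 3, 2, 1)]  # symmetries of a square; G_0 also fixes 2
```

For the wreath product, the points 1 and 2 give the orbit {0, 1, 2} while every other point gives all nine points, so the smallest candidate is the block of size three.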


Let f(x) be an irreducible polynomial over Q, with roots α_1, ..., α_n. Suppose

f(x) = (x - α_1) g_2(x) ... g_r(x) in Q(α_1)[x], and
f(x) = (x - α_s) h_2(x) ... h_r(x) in Q(α_s)[x],

with g_1(x) = x - α_1, and h_1(x) = x - α_s. We consider G, the Galois group of f(x) over
Q, acting on the roots of f(x). We propose to determine a minimal nontrivial block of
imprimitivity containing α_1, if it exists. Observe that the factorization of f(x) over Q(α_s)[x]
is the same as the factorization of f(x) over Q(α_1)[x], with α_s's substituted in for α_1's.

Suppose (x - p_i(α_1)) is a linear factor of f(x) in Q(α_1)[x]; then p_i(α_1) (= α_i) is fixed
by G_{α_1}. We know by Corollary 3.4 that the linear factors of f(x) form a block. Suppose
the block Δ consists of the roots α_1, ..., α_k. Let us consider the induced action of G_Δ on
Δ. Since G is transitive on α_1, ..., α_n, G_Δ must be transitive on α_1, ..., α_k. The action
of G_Δ on Δ can be determined, since for i = 1, ..., k, α_i = p_i(α_1). Let σ be in G_Δ and
let σ̄ be the induced action of σ on α_1, ..., α_k. Then if σ̄(α_1) = α_i = p_i(α_1), we have
σ̄(α_j) = σ̄(p_j(α_1)) = p_j(p_i(α_1)). We determine the group table of the induced action of G_Δ
on Δ, and find a minimal block Γ of G_Δ which contains α_1 in polynomial time [At].

Finally we observe that Γ is a block of G. For suppose Γ ∩ τΓ ≠ ∅ for some τ ∈ G.
Since Δ is a block of G, and Γ ⊆ Δ, it must be the case that τΓ ⊆ Δ. But Γ is a block of
G_Δ, thus Γ ∩ τΓ = Γ.

Next suppose f(x) has no linear factors in Q(α_1)[x] except (x - α_1). Let us consider a
factorization of f(x) over Q(α_1, α_s)[x] for α_s ≠ α_1. This will tie together the factorizations
of f(x) over Q(α_1)[x] and Q(α_s)[x]. In particular, this will enable us to compute the block
fixed by G_{α_1}G_{α_s}.

Define a set of graphs Γ_s, s = 1, ..., r with vertices V, and edges E by:

V = { g_i(x), i = 1, ..., r } ∪ { h_j(x), j = 1, ..., r }
E = { (g_i(x), h_j(x)) | gcd(g_i(x), h_j(x)) ≠ 1 over Q(α_1, α_s) }

Then we compute the set of vertices connected to g_0(x). Let

g(x) = ∏ g_i(x), the product taken over the g_i(x) connected to g_0(x),

and let Λ_s = { α_i | α_i is a root of g(x) }. We claim Λ_s = { σ(α_1) | σ ∈ G_{α_1}G_{α_s} }. To prove
this we observe the following:


Lemma 3.7: Let α_i be a root of g_j(x) in Q(α_1)[x]. Then the roots of g_j(x) are precisely
G_{α_1}(α_i).

It follows immediately that gcd(g_i(x), h_j(x)) ≠ 1 iff G_{α_1}(α_i) ∩ G_{α_s}(α_j) ≠ ∅, where α_i
is a root of g_i(x) and α_j is a root of h_j(x). This implies:


Lemma 3.8: Let α_i be a root of g_j(x), a factor of f(x) in Q(α_1)[x]. Then

α_i ∈ Λ_s = { σ(α_1) | σ ∈ G_{α_1}G_{α_s} }

iff g_j(x) is connected to g_0(x).


If we compute Γ_s for s = 1, ..., r, we are cycling over all α_s ≠ α_1 which are roots
of f(x) and computing G_{α_1}G_{α_s}. By Lemma 3.6, this will give us a minimal nontrivial
block containing α_1, if one exists. In the next section we present an algorithm to compute
the minimal blocks of imprimitivity, along with a proof of correctness and an analysis of
running time.


2. An Algorithm 


Algorithm 3.1 BLOCKS 
input: f(z) € Z[z], f(z) irreducible of degree n over Z 
Step 1: Find c 0 such that N,(f(z—cz)) is squarefree and factor N,(f(z—cz)) over 
Q, 
i 
Nl f(e — cz) = [I Giz — cz) 
t=1 
[At most n° ¢’s in Z do not satisfy this condition.] 
Step 2: For i= 1...1 do: g?(x) + ged(f(z), G,(z)) over Q[z]/ f(z). 
[Thus f(z) = []9:(x) is a complete factorization of f(x) over Q[z]/f(z).] 
Step 3: If f(z) has more than one linear factor, compute the induced action of Galois 


group and Cayley table, and find maximal block by inspection. Then 
B*(z) — TI ,eblock(t — os), and 
return B*(z) 
[In this case, the fixed points form a block, and the induced action of the 


full group on the block can be determined by substitutions.] 
Step 4: For each G;(z — cz) a factor of N,(f(z — cz)) do steps 5-9: 


Step 5: 


Step 6: 


Step 7: 


Step 8: 


Step 9: 


q;(t) — constant term of ged(g,(z), f(t — cz)) over Q|t, z]/G;(t) 

p;(t) « t — cq, (t) 
[This computes y and z in terms of a primitive element for the field 
Aly, zI/(9(y)9F(z)) = Q[E]/G.(2).] 

For i = 1...1, do: 

03(2) = of (e) 

93 (2) — 92) 
[This rewrites the factorizations of f(z) over Q[z]/f(z) and Q[y]/f(y) as 
factorizations over Q|t]/G,(t).] 

Compute the graph I; = (V;,£;), with vertices, V;, and edges, E, given 

by: 

9 = {92(z)} U { 95(z)} 
E; = {(93(2), 9&(2)) | eed(g}(z), 9&(=)) A 1} 


Compute Y; = {1 | g?(z) is connected to g(x) = z — p,(t) in T; } 


B,(z) — TJ 9%(z) 


seY 


Step 10: B(z) + B,(z), of minimal degree 


return B7(z) € Q[z,z]/f(z), a polynomial whose roots form a minimal block of im- 


primitivity containing 2 


Theorem 3.9: If f(x) ∈ Z[x] of degree n is irreducible, Algorithm 3.1 computes B(x) a
polynomial in Z(α)[x] whose roots α_1, ..., α_k are elements of a minimal block of imprimitivity
containing α. It does so in the time required to factor f(x) over Q[z]/f(z) and to calculate
n^3 gcd's of polynomials of degree less than deg(f(x)) and with coefficient size less than


[f(z)]” over a field containing two roots of f(z). 


proof: By Proposition 2.2, Step 1 determines a primitive element for Q[y, z]/( f(z), 97(y)). 
By Theorem 2.1, Step 2 factors f(x) = ∏ g_i(x) over Q[z]/f(z). In Corollary 3.4 we
demonstrated that the fixed points of G_α (which correspond exactly to the constant terms
of the linear factors of f(x) over Q[x, z]/f(z)) form a block. The induced action of G_Δ on the
minimal block can be determined from the Cayley table. Step 3 also computes a minimal
block (which is trivial) for the case when G is a group of order p acting on p elements. Step
4 merely expresses the roots y and z of f(z) in terms of a primitive element for the field
Q[t]/G,(t) = Q[y, 2]/( f(z), 97(t)); a proof of correctness appears in [van der Waerden, p. 
139.] Step 5 rewrites the factorization of f(x) in Q[z]/f(z) in terms of Q[t]/(G_i(t)), and also
expresses a factorization of f(x) over Q[y]/f(y) in terms of Q[t]/G_i(t). Step 7 computes
the graph Γ_i. By Lemma 3.8, Step 9 yields a polynomial whose roots form the block of
imprimitivity

Λ = { σ(α_1) | σ ∈ G_{α_1}G_{α_s} }.

Using Proposition 3.6 we conclude that Step 10 gives a polynomial whose roots form a
minimal block containing α_1.

Let us now analyze the running time. Recall F(log |g(t)|, m, log [f(x)], n) is the time
required to factor a polynomial of coefficient size [f(x)] and of degree n over O_K[x], where
K = Q[t]/g(t), and g(t) is a monic irreducible polynomial of degree m over Z. We let
GCD(log [f(x)], k, log [g(x)], l, log |h(t)|, m) be the time required to compute the gcd of two
polynomials f(x) and g(x) in O_K[x] of coefficient size [f(x)] and [g(x)] and of degree k and
l respectively, where K = Q[t]/h(t), and h(t) is a monic irreducible polynomial over Z.

Let deg(f(x)) = n. Step 1 of the algorithm is a preprocessing step for factoring f(x)
over Q[z]/f(z). Step 3 requires at most n substitutions and polynomial divisions in addition
to the time required to find blocks in a group of order n. This can be done in O(n log n)
steps [At]. We cycle through Step 4 at most O(n) times. Computing p_i(t) and q_i(t) requires
one gcd over Q[t]/G_i(t). Step 6 can be done in O(n) steps. Step 7 is again a gcd, done at
most O(n^2) times. Step 8 can be done in O(n^2) steps [AHU]. The overall running time is
bounded by:


o( Foe [f()|, 7, log [f(z)], n)+-n3GCD(log [[( f(z))] ee n, log (ie) ial »n, log |f(z)|, n)) ; 


or, more simply, the time needed to find a minimal block of roots of f(x) is the time needed for one factorization of f(x) over Q[z]/f(z), plus the time needed for n³ gcd's of factors of f(x) over a field containing two roots of f(x). ∎

The Fundamental Theorem established the correspondence between fields and groups, and we know now that the lattice of groups between G_α and G is isomorphic to the lattice of blocks of G which contain α. In the next chapter we see how to use the minimal blocks of imprimitivity to obtain a tower of fields between Q and Q(α). Having this tower of fields will enable us to check solvability of the Galois group in polynomial time. We present a generalization of Algorithm 3.1 in the next section.


3. A Corollary 


Another way to think about Algorithm 3.1 is that it computes the intersection of Q(α_1) and Q(α_i). Observe that G_{α_1} is the subgroup of G belonging to the subfield Q(α_1), and that G_{α_i} is the subgroup of G belonging to Q(α_i). Then G_{α_1}G_{α_i} is the subgroup of G belonging to Q(α_1) ∩ Q(α_i) [Theorem B, Chapter 2]. In a similar way we can compute Q(α) ∩ Q(β) even when α and β are not conjugate over Q.

There is a difficulty if we view the intersection in terms of the minimal polynomials for α and β over Q, since the minimal polynomial for β over Q may factor over Q(α), in which case the intersection is ambiguous. In order for the problem to be well-defined, we must have a description of a field containing α and β. The description Q[z, y]/(f(z), h(y)), where α satisfies the irreducible polynomial f(x) over Q, and β satisfies the irreducible polynomial h(y) over Q[z]/f(z), is well-defined. We present an algorithm which, given the polynomials f(x) and h(x), computes the intersection of Q(α) and Q(β).

Suppose [Q(α) : Q] = m, and let α_2, ..., α_m be the conjugates of α = α_1 over Q. Suppose also that β satisfies h(x), an irreducible polynomial over Q(α), and assume that the conjugates of β over Q(α) are β_1, ..., β_n, with β = β_1. By Proposition 2.2, we know there exists a c less than (mn)² such that whenever H(x) = N_α(h(x − cα)) is squarefree, then H(x) is irreducible. If γ = β + cα, then Q(γ) = Q(α, β). Furthermore, since the degree of H(x) is mn, and

H(x) = ∏_i ∏_j (x − (β_j + cα_i)),

the roots of H(x) are precisely {β_j + cα_i | j = 1, ..., n; i = 1, ..., m}.

Let Q(ρ) be the splitting field of H(x) over Q, and let G be its Galois group. Then Q(ρ) = Q(α_1, ..., α_m; β_1, ..., β_n), and G_α and G_β are subgroups of G. They are the subgroups belonging to Q(α) and Q(β) respectively. Consider
H(z) = ji(z)...j¢(2) in Q(a)[z], and 
= k,(z)...k,(z) in Q(A)[z], 
where the j_i(x) and k_i(x) are irreducible factors of H(x) over Q(α) and Q(β) respectively, and j_1(x) = h(x − cα).

Let us define a graph Γ with vertices, V, and edges, E, by:

V = {j_i(x)} ∪ {k_j(x)}
E = {(j_i(x), k_j(x)) | gcd(j_i(x), k_j(x)) ≠ 1}

Again we compute the set of vertices j_i(x) connected to j_1(x), and we let

J(x) = ∏ j_i(x), the product taken over the j_i(x) connected to j_1(x),

and let A = {γ_i | γ_i is a root of J(x)}. We claim A = {σ(γ_1) | σ ∈ G_α G_β}. We observe:

Lemma 3.10: Let γ_i be a root of j_i(x) in Q(α)[x]. Then the roots of j_i(x) are precisely G_α(γ_i).

It follows immediately that gcd(j_i(x), k_j(x)) ≠ 1 iff G_α(γ_i) ∩ G_β(γ_j) ≠ ∅, where γ_i is a root of j_i(x) and γ_j is a root of k_j(x). This implies:

Lemma 3.11: Let α_i be a root of j_i(x) in Q(α)[x]. Then α_i ∈ A = {σ(α_1) | σ ∈ G_α G_β} iff g_i(x) is connected to j_1(x).

To compute the intersection of Q(α) with Q(β), we factor H(x) over Q(α) and Q(β), and compute a connected component in the same way as we did in Algorithm 3.1. This gives us the algorithm INTERSECTION, which runs in polynomial time.


Algorithm 3.2 INTERSECTION 

input: f(x) ∈ Z[x] and h(x) ∈ Q[z]/f(z), where f(x) is monic and irreducible over Q, and h(x) ∈ Q[z]/f(z) is an irreducible factor of g(x), which is a monic irreducible polynomial over Z

Step 1: Find c ≠ 0 such that N_z(h(x − cz)) is squarefree and factor:

H(x) = N_z(h(x − cz)) = ∏_{i=1}^{k} j_i(x) over Q[z]/f(z),

[At most (mn)² c's in Z do not satisfy this condition, where m = degree(f(x)) and n = degree(h(x)).]

Step 2: Factor H(x) = ∏_{i=1}^{l} k_i(x) over Q[w]/g(w)

Step 3: q(t) ← constant term of gcd(f(z), g(t − cz)) over Q[t, z]/H(t)
p(t) ← (t − c q(t))
[This computes z and w in terms of a primitive element for the field Q[z, w]/(f(z), h(w)) which is isomorphic to Q[t]/H(t).]
Step 4: For: =—1,...,l, do: . 
H(z) — HOC) 
Step 5: For j= 1,...,/, do: 
kp (2) — BF(z) 
[This rewrites the factorizations of H(x) over Q[z]/f(z) and Q[w]/g(w) as factorizations over Q[t]/H(t).]

Step 6: Compute Γ = (V, E), a graph with vertices, V, and edges, E, given by:
V = {j_i(x)} ∪ {k_j(x)}
E = {(j_i(x), k_j(x)) | gcd(j_i(x), k_j(x)) ≠ 1}

Step 7: Compute Y = {i | j_i(x) is connected to j_1(x) = h(x) in Γ}

Step 8: B(x) ← ∏_{i ∈ Y} j_i(x)

return: B(x) ∈ Q[x, z]/(f(z)), a polynomial whose coefficients determine the field Q[z]/f(z) ∩ Q[z]/g(z)

It follows from Lemmas 3.10 and 3.11 that Algorithm 3.2 correctly computes a polynomial whose coefficients determine the intersection of Q[z]/f(z) with Q[z]/g(z). The running time of Algorithm 3.2 is dominated by the time required by the factorization required in Step 2. The proof is quite similar to that of Theorem 3.9, and we do not repeat it here.


Theorem 3.12: If f(x) in Z[x] is monic and irreducible of degree n, and h(x) ∈ Q[x, z]/f(z) is an irreducible factor of g(x), a monic irreducible polynomial over Z, then Algorithm 3.2 determines the intersection of Q[z]/f(z) and Q[z]/g(z), where Q[z]/f(z) and Q[z]/g(z) are contained in Q[z, y]/(f(z), h(y)). Suppose the degree of h(x) is m. Then
Algorithm 3.2 works in O(F(log [f(z)]], », log |(N(@s1/s(2)@*(z — ¢z))|, (nm)?)) steps, where 


c is an integer less than (mn)².
Chapter IV


Determining Solvability 


1. The Fields Between Q and Q(a) 


Let f(x) be a monic irreducible polynomial over Z with roots α_1, ..., α_m, and Galois group G. Suppose B_1 = {α_1, ..., α_{k_1}} is a minimal block of imprimitivity containing α_1, and let

h_1(x) = ∏_{i=1}^{k_1} (x − α_i) = x^{k_1} + β_{k_1−1}x^{k_1−1} + ... + β_0.

We define F_1 = Q(β_0, β_1, ..., β_{k_1−1}). In Lemma 4.1 we show that F_1 is the fixed field of G_{B_1}. Then the minimum polynomial for α = α_1 over F_1 is h_1(x). This is easy to see, for

(1): [Q(α) : F_1] = [Q(α_1, ..., α_m) : F_1]/[Q(α_1, ..., α_m) : Q(α_1)] = |G_{B_1}|/|G_α| = k_1, and

(2): α_1 satisfies h_1(x), a polynomial over F_1.

We first observe that since B_1 was chosen as a minimal block containing α_1, the Galois group of Q(α_1) over Q((elementary) symmetric functions in {α_1, ..., α_{k_1}}) acts primitively on the roots of h_1(x). This is shown in Lemma 4.1. Next we consider a tower of fields, F_j, between Q and Q(α), where α is a root of f(x) and has conjugates α_2, ..., α_m, with α = α_1. The subgroup of G determined by Q(α) is G_α. Each subfield between Q and Q(α) corresponds to a subgroup of G which contains G_α. Finally, each subgroup corresponds to a block of imprimitivity containing α. This statement can be made more precise.


Lemma 4.1: Let K be a field, and let f(x) with roots α_1, ..., α_m be an irreducible polynomial over K[x]. Let B = {α_1, ..., α_k} be a block of the roots. Then K(α_1, ..., α_m)^{G_B} = K(symmetric functions in {α_1, ..., α_k}).

proof: We proceed by induction. Assume that B is a maximal block of roots containing α_1, and let F denote K(α_1, ..., α_m)^{G_B}. First we note that [F : K] = [G : G_B] = |Ω|/|B| = m/k. The first equality follows from part (4) of the Fundamental Theorem of Galois Theory. The second is a consequence of the First Isomorphism Theorem applied to a mapping from G onto an induced action on B, σ_2B, ..., σ_{m/k}B, a complete block system. It is clear that K(symmetric functions of {α_1, ..., α_k}) ⊆ F. We show that [K(symmetric functions of {α_1, ..., α_k}) : K] = m/k to complete the proof.


[Figure 4.1: The Fields Between K and K(α) and Corresponding Groups. The diagram sets the chain of groups G_α ⊆ G_B ⊆ ... ⊆ G beside the chain of fields K(α) ⊇ K(symmetric functions in {α_1, ..., α_k}) = K(ρ_1) ⊇ ... ⊇ K.]


Let a_0, a_1, ..., a_k be the symmetric functions evaluated at {α_1, ..., α_k}. Let ρ_1 = a_0 + c_1a_1 + ... + c_ka_k be a primitive element for K(symmetric functions in {α_1, ..., α_k}) over K, where the c_i's are in Z. (Note that the c's can be chosen less than m°.) If we let ρ_j = σ_j(ρ_1), then

p(x) = ∏_{s=1}^{m/k} (x − ρ_s)

has coefficients over K. If q(x) is a factor of p(x) over K, then q(x) = ∏_j (x − ρ_{i_j}). In this case, σ_{i_1}B ∪ ... ∪ σ_{i_j}B form a block, contradicting the maximality of the block B. We conclude that p(x) is irreducible. Thus ρ_1 satisfies an irreducible polynomial of degree m/k over K, and [K(symmetric functions in {α_1 ... α_k}) : K] = m/k.

Now any block will be maximal over an appropriate subfield; assume inductively that 
B is a maximal block over L = K(symmetric functions in {a1...a;,}). Let H be the 
induced action of G on {a1...a;,}, B = {a4,...,a,} be the maximal block, and F = 
L(a1,...,@5%)%". As before, [F : L] = |H|/|Hal = |{a1,..., 054 }\/|{o1.. on }| = 7. If 
we define p; as a primitive element for F,, it will satisfy an irreducible polynomial of degree 


j over L, by the same arguments as before. Thus 


F = L(symmetric functions in { a1...a, }) 
= K (symmetric functions in {a1...a5, }, symmetric functions in { a1...a, }) 
= K (symmetric functions in { a1...a% }) 


since { @1,...,@, } is a subblock of { a4,..., a,x }. | 


This means that all the fields F_i, Q = F_k ⊂ F_{k−1} ⊂ ... ⊂ F_1 ⊂ F_0 = Q(α_1), can be described as Q(symmetric functions in elements of B), where B is a block of roots containing α. We have already observed that if B is a minimal block, and if G_1 is the Galois group for f(x) over Q(symmetric functions in elements of B), then G_1 acts primitively on the roots of f(x). We would like to find a set of elements ρ_i, i = 1, ..., k, such that if g_i(y) is the minimal polynomial for ρ_i over Q(ρ_{i+1}), then the Galois group G_i of g_i(y) over Q(ρ_{i+1}) acts primitively on the roots of g_i(y). These elements ρ_i will be primitive elements for F_i over Q, i.e. F_i = Q(ρ_i). We already have a description of the F_i from Lemma 4.1; what we seek is a succinct description. We would like a set of ρ_i's whose minimal polynomials over Q have polynomial length coefficients. (Since Q(ρ_i) ⊆ Q(α) for each i, we know that the degree of g_i(y) is less than n.) We will describe the ρ_i's in terms of their minimal polynomials, h_i(x), over Q. There is an inherent ambiguity as to which root of h_i(x) we are referring, but this difficulty is resolved by linking the fields Q(ρ_i) and Q(ρ_{i+1}) through the polynomial g_i(y).


Of course we could determine F_1 by calling BLOCKS on f(x). Then if

h_1(x) = x^{k_1} + β_{k_1−1}x^{k_1−1} + ... + β_0

is the polynomial described earlier, F_1 = Q(β_0, ..., β_{k_1−1}), and ρ_1 = β_0 + c_1β_1 + ... + c_{k_1−1}β_{k_1−1}, each c_i ∈ Z, can be quickly found by Proposition 2.2.

Let o4,...,0; € G be such that o;B,,...,0;B,, where o; is the identity, form a 
complete block system for G acting on { a1,...,m }, and suppose that g;(z) is the minimal 
polynomial for p, over Q. Then g;(z) is of degree m/k, = j. We know that o(h,(z)) = 
hi(z) for o in Gy. If 06; = o,(p1), ¢ = 1...j, then o;(h1(o1)) = 0, implies that 0,;(91) = 0; 
is a root of hy(z). Applying BLOCKS to g;(z), returns a polynomial: 


B(x) = x*? + By,—12**—1 +... + Bo, 


whose roots { p1,..-,0%,01 } form a minimal block containing o;. Then 


Fy = Q(Bk.—1,-+ +» Bo) 
= Q(symmetric functions in {61,...,5 }) 
= Q(symmetric functions in { symmetric functions in {01,...,@%, },--- 
..., symmetric functions in o;{ a1,..., x, } }). 


But Q(6%,—1,---, Bo) is a cumbersome way to name F2; we would like to name F2 in terms 


of the original roots of f(z), a1,...,. Fortunately, there is a simple way to do this. 


Lemma 4.2: Let f(x) ∈ Q[x] be irreducible with roots α = α_1, ..., α_m, and Galois group G. Let Q(ρ), Q(τ) be subfields of Q(α), with Q(τ) ⊆ Q(ρ), and let h_1(x) be an irreducible factor of f(x) in Q(ρ)[x]. Then the roots of h_1(x), α_1, ..., α_{k_1}, form a block B_1. The set of roots of N_{Q(ρ)/Q(τ)}(h_1(x)) form a block of α_1, ..., α_m which contains B_1. Let g(x) be the minimal polynomial for ρ over Q(τ). If the Galois group of g(x) over Q(τ) acts primitively on the roots of g(x), the roots of N_{Q(ρ)/Q(τ)}(h_1(x)) form a minimal block containing B_1.


proof: Because the fields Q(τ), Q(ρ) are subfields of Q(α), we know that Q(ρ) = Q(symmetric functions in elements of B), Q(τ) = Q(symmetric functions in elements of B_2), where B, B_2 are blocks of {α_1, ..., α_m}. However h_1(x) is irreducible over Q(ρ)[x] with roots α_1, ..., α_{k_1}, so it must be the case that B = B_1. Furthermore, Q(τ) ⊆ Q(ρ) implies B_1 ⊆ B_2. We consider the induced action of G on B_2, and let σ_1B_1, ..., σ_{k_2}B_1 be a complete block system for B_1 in B_2, with σ_1 equal to the identity, and the σ_i's in G.

Then if g(x) is the minimal polynomial for ρ over Q(τ),

g(x) = ∏_{i=1}^{k_2} σ_i(x − ρ).

In particular,

N_{Q(ρ)/Q(τ)}(h_1(x)) = ∏_{i=1}^{k_2} σ_i(h_1(x))
  = ∏_j σ_j( ∏ (x − α_i) ), the inner product taken over the α_i in the minimal block containing α = α_1,
  = ∏_j ∏ σ_j(x − α_i), over the same α_i,
  = ∏_{i=1}^{k_1k_2} (x − α_i)

will give a polynomial whose roots α_1, ..., α_{k_1k_2} are a block of α_1, ..., α_m which contains α_1, ..., α_{k_1}. If the Galois group of g(x) over Q(τ) acts primitively on the roots of g(x), then B_1 is a minimal block of B_2. ∎


This lemma allows us to compute the blocks of α_1, ..., α_m directly. Recall that the coefficients of B(x), β_{k_2−1}, ..., β_0, are elements of Q[y]/h_1(y) = Q(ρ), and that Q(β_{k_2−1}, ..., β_0) = Q(τ) is a subfield of Q(ρ). If γ_0, ..., γ_{k_1k_2−1} are the symmetric functions in α_1, ..., α_{k_1k_2}, again we can determine

ρ_2 = γ_0 + c_1γ_1 + ... + c_{k_1k_2−1}γ_{k_1k_2−1},

where Q(ρ_2) = Q(γ_0, ..., γ_{k_1k_2−1}), and the c_i's are integers less than n*. We let h_2(x) be the minimal polynomial for ρ_2 over Q.

We have found fields F_1 = Q(ρ_1) = Q[x]/h_1(x) = Q[x, y]/(h_2(x), g_1(y)) and F_2 = Q(ρ_2) = Q[x]/h_2(x) such that

1) the Galois group of f(x) over Q(ρ_1) acts primitively on the roots of f(x),
2) the Galois group of h_1(x) over Q(ρ_2) acts primitively on the roots of h_1(x).

We may now repeat this process with h_2(x) playing the same role as h_1(x) did, and determine a minimal block of roots of h_2(x). Iterating this process until BLOCKS(h_i(x)) returns a polynomial in Q[x] determines a set of fields F_i = Q(ρ_i), i = 1, ..., k, such that if g_i(y) is the minimal polynomial for ρ_i over Q(ρ_{i+1}), and G_i is the Galois group of g_i(y) over Q(ρ_{i+1}), then G_i acts primitively on the roots of g_i(y). Furthermore F_0 = Q(α), and F_k = Q.
We give a simple argument to show that the h_i(x) have succinct descriptions. Although the bound we give is not best possible, it is an easy argument which demonstrates that the polynomials have polynomial size descriptions. The polynomial f(x) is monic with coefficients in Z, which means that α_1, ..., α_m are algebraic integers. Since any sum or product of algebraic integers is also an algebraic integer, we know that the roots of h_1(x) and h_2(x) are algebraic integers. Therefore it suffices to show that [h_i(x)] is polynomially bounded in order to know that h_i(x) is polynomially bounded in length of description. Now h_i(x) is the minimal polynomial for ρ_i = β_0 + c_1β_1 + ... + c_kβ_k over Z, where the β_j are symmetric functions of the α_1, ..., α_m, and k ≤ m. Then


Ial<t SY TL a: ou] 


all subsets of aE 
k distinct roots { q,,...,am } 


<2" I ee oe | 


Oo, E{a4,...,4m } 


< 2" fay”. 
This yields the following bound on the p,’s: 
les] < m- max |c,| max [6] < m-m*-2"a]” = M. 


If 
h,(z) = I (z — p;); 
pj aconjugate 
of p; over Q 
we conclude that [[h;(x)] < (2M)™. Using Weinberger and Rothschild [Theorem 1.3], we 
can also obtain a bound on the coefficients of g,(y). Recall that . 


a(yy= [TfL (y—a) 


a; @conzugate 


of a; over Q(pi) 


Thus if 9;(y) = y* +.—1y*—!+...+ 0, the 7;’s are algebraic integers, and are elements 
of Q(p,). With 


Vi . 
"= (3) >> 9:30” 
j=0 
and d = disc(h,(z)), by Theorem 1.3 we have 
las] < mILFC@N AZ)” < mise, 
a rough bound which is sufficient for our purposes. Since [,] < M,
dise(h;(x)) < (2M)™" < [ f(z)”, 


and consequently, 
[oe(2)) < mi f(a)y™". 
We have shown: 
3)|hs(z)| < f(z)?" for i = 1,2, and 
4)[ox(2)) < mi f(xy". 
In the next section we present an algorithm for determining the h_i(x) and g_i(y), along with a proof of correctness and an analysis of running time.


2. An Algorithm 


Algorithm 4.1 FIELDS 
input: f(z) ∈ Z[z], a monic, irreducible polynomial

Step 1: i ← 1
        h_0(z) ← f(z)
        C^z(t) ← BLOCKS(f(z))
        g_0(t) ← t^l + c_{l−1}(z)t^{l−1} + ... + c_0(z) ← C^z(t)
        [C^z(t) will be the polynomial whose norm we compute in order to determine the chain of fields.]

Step 2: While C^z(t) ∉ Q[t], do steps 3-17
        Else go to return

Step 3: t^k + a_{k−1}(z)t^{k−1} + ... + a_0(z) ← C^z(t)

Step 4: β(z) ← a_0(z)

Step 5: For j = 1, ..., k − 1, do:
          While a_j(z) ∉ {1, β(z), ..., β^{m−1}(z)}, do:
            β(z) ← β(z) + a_j(z)
        [This computes an element β(z) such that Q[a_{k−1}(z), ..., a_0(z)]/f(z) ≅ Q[β(z)]/f(z).]

Step 6: l ← 1

Step 7: While {1, β(z), ..., β^l(z)} is a linearly independent set over Q, do:
          l ← l + 1

Step 8: Else if β^l(z) + d_{l−1}β^{l−1}(z) + ... + d_0 = 0,
          h_i(x) ← x^l + d_{l−1}x^{l−1} + ... + d_0
        [This determines the minimal polynomial for β(z) over Q; we have Q[β(z)]/f(z) = Q[x]/h_i(x).]

Step 9: For j = 0, ..., l − 1, do:
          Find p_j(x) such that p_j(β(z)) = c_j(z)

Step 10: g_{i−1}(y) ← y^l + p_{l−1}(x)y^{l−1} + ... + p_0(x)
        [Then Q[t]/h_{i−1}(t) ≅ Q[x, y]/(h_i(x), g_{i−1}(y)).]

Step 11: For j = 0, ..., k − 1, do:
          Find q_j(x) such that q_j(β(z)) = a_j(z).

Step 12: C^x(t) ← t^k + q_{k−1}(x)t^{k−1} + ... + q_0(x)
        [This expresses C^z(t), a polynomial in Q[β(z)]/f(z) ≅ Q[x]/h_i(x), in terms of the element x.]

Step 13: B^x(t) ← BLOCKS(h_i(x));
         t^l + b_{l−1}(x)t^{l−1} + ... + b_0(x) ← B^x(t)

Step 14: For j = 0, ..., l − 1, do:
          e_j(z) ← b_j(β(z))
        [This will allow us to express B^x(t) as a polynomial with coefficients which are polynomials in z and which has root x.]

Step 15: B^z(x) ← x^l + e_{l−1}(z)x^{l−1} + ... + e_0(z)

Step 16: C^z(t) ← Res_x(B^z(x), C^x(t))

Step 17: i ← i + 1
return: {h_i(x), g_{i−1}(y) | i = 1, ..., r}, where
1) Q[x, y]/(h_1(x), g_0(y)) = Q[z]/f(z)
2) h_i(x) ∈ Q[x], and g_{i−1}(y) ∈ Q[x, y]/h_i(x), for i = 1, ..., r
3) The Galois group of g_{i−1}(y) over Q[x, y]/h_i(x) acts primitively on the roots of g_{i−1}(y)
4) The Galois group of h_r(x) over Q acts primitively on the roots of h_r(x).


Theorem 4.3: Let f(z) ∈ Z[z] of degree m be irreducible. Algorithm 4.1 computes {h_i, g_{i−1} | i = 1, ..., r} which satisfy conditions 1, 2, 3 and 4 above. Let BLOCKS(g(x)) be the running time for BLOCKS on input g(x). Then the running time for FIELDS is O(log m · BLOCKS(g(x))), where degree(g(x)) < m, and [[g(z)] < m!f f(z)”.


proof: We consider the first iteration of Algorithm 4.1. Step 1 computes C^z(t) = t^l + c_{l−1}(z)t^{l−1} + ... + c_0(z), whose roots z_1, ..., z_l form a minimal block of imprimitivity containing z = z_1. If C^z(t) ∈ Q[t], then the Galois group of f(z) over Q acts imprimitively on the roots of f(z), and we are done. Otherwise we compute a primitive element β(z) for the field Q[a_{k−1}(z), ..., a_0(z)]/f(z) in Steps 4 and 5. That Steps 4 and 5 do so correctly is immediate from van der Waerden [vdW, p. 139]. In Steps 6-8, we compute the minimal polynomial h_1(x) for β(z) over Q.

Now that we have a primitive element, 2, for Q[a,—1(z), ..., @9(z)]/ f(z), we can rewrite 
C(t) as C7(t), a polynomial over Q[z]/hi(z). This is done in Steps 9 and 10. Note that 
this means Q[t]/Ao(t) ~ Q[z, y]/(h1(z), 9o(y)). Steps 11 and 12, in the case of 1 = 1, are 
redundant. Observe that C*(t) has the same value before and after these two steps. 

Next we call BLOCKS on hy(z). Let BLOCKS(h,(z)) = t* +b, 3(z)t*—!+-...-+b9(z) = 
B*(t). By the minimality of the block, the Galois group of h(x) over Q[b,—1(z), ..., bo(z)] / hi(z) 
acts primitively on the roots of hi(z). We know that Q[b,—1(z),...,b0(z)|/Ai(z) = 
Q(symmetric functions in z1,..., 2,) for some block z;,...,2;. We find this block. 

Let x be a root of h(t). Then z is a root of B%(t). If we rewrite B*(t) as B*(t), a 
polynomial with coefficients in Q[z]/ f(z), z remains a root. Recall Lemma 4.2, and the 


discussion which followed it. Since z is a root of B%(t), the roots of 
= gas P1
N(atzi/hi(2))/(@lbx—1(2),.-bol2)1/ha(2))F (4) = Newnan” (t) 
= C*(t) 


are a block containing B,. Because the Galois group of hi(z) over Q[bx—1(z), ..., 60(z)]/h1(z) 
acts primitively on the roots of hi(x), the roots of C*(¢) are a minimal block containing 
B,. We can calculate this norm by a resultant. In order to do so, we express B*(t) as a 
polynomial with coefficients in Q|z, t]/ f(z), B*(t). This is done in Steps 14 and 15. Since z 
is a root of B*(t), Step 16 computes C'7(t) correctly. 

Inductively suppose Algorithm 4.1 has computed { h,(z), 9;—1(y) |i =1,...,4} which 
satisfy: 

1) Ql, yl/ha(x)oolu) ~ Olel/ (2) 

2) A,(z) € Q[z] and g;-1(y) € Q[z, y}/h.(z), fori =1,...,k, and 

3) The Galois group of g;—1(y) over Q[z]/h,(z) acts primitively on the roots of g,—1(y), 


and that C*(t) is a polynomial whose roots are the elements of the block By41. We 
will show that a single iteration of Algorithm 4.1 will produce hy41(z), 9x(¥); and a new 
C*(t) which satisfy the above conditions. 

If C*(t) € Qft], we are done, since then the roots of C(t) are z1,...,2m, and we have 
satisfied conditions 1,2,3, and 4. Suppose C%(t) ¢ Q[t]. Then in Steps 3-5 we compute 
a primitive element, A(z), for Q(symmetric functions in the elements of By+1). In Steps 6 
and 7 we determine h,41(z), the minimal polynomial for A(z) over Q. 

Next we calculate g,(y). Since the Galois group of B*(z) over Q[A(z)]/f(z) acts 
primitively on the roots of B*(z), B*(t) is - almost — the g,(t) we want. The only difficulty 
is that B*(t) is written as a polynomial with coefficients in Q[z]/ f(z). This is however, easily 
circumvented, since B7(t) has coefficients which are in Q[z]/h,+1(z). We express them in 
terms of z in Step 9, and g,(y) in Step 10. 

Now we are ready to find the next block. We seek to express C(t) as a polynomial 
over Q[z]/hxe+41(x); we proceed in the same manner as we did for gx(y). We do so in 
Steps 11-12. Then By+1 will consist of the roots of the norm of C%(t) over a subfield of 
Q[z]/h,+41(z), namely a minimal subfield. We compute this subfield by calling BLOCKS 
on hx+1(x); the subfield is determined by the symmetric functions of the elements of a 
minimal block of roots of h,+41(z), or more simply, by the coefficients of the polynomial 


returned by BLOCKS(h,+1(z)) in Step 13. In Steps 14 and 15 we rewrite the polynomial, 
B^x(t) as a polynomial in the variable t with coefficients in Q[z]/f(z). Then by Lemma 4.2 the polynomial we are seeking is:


Be 
N(atzi/ne+s(2))/(Qlbe-+1(2)--bol)I/x-41(2))° (*) 


= (o10(2)1/102))/(@lbe41(2),-sbo(@N/be4s(e))° 


= Res,(B*(z), C*(t)) 
= C*(t). 


We are done. Let us now examine the running time. . 

Observe that Algorithm 4.1 is looped through at most log m times, since each iteration 
produces a subfield between Q and Q(a). Let us consider the running time necessary for 
the first iteration. 

The time needed for Step 1 is dominated by the call of BLOCKS on f(z). Steps 2-4 take constant time. The loop of Step 5 is passed through a maximum of m times, with no more than log m nontrivial executions. The test of whether a_j(z) ∈ {1, β(z), ..., β^{m−1}(z)} is done at most m³ times for each a_j(z), with each test requiring no more than O(m³) steps. (This is simply a linear algebra problem to test independence; the bound is due to [Edm].) Step 5 requires much less time than BLOCKS of Step 1.

The running time for Steps 6-12 is less than the time required for Step 5, and is therefore dominated by Step 1. In Step 13, we call BLOCKS on h_i(x), a factor of f(z). The time required for Steps 1-16 is dominated by the time required for Step 5. Thus the time required for the first iteration is dominated by BLOCKS(h(x)), where h(x) is a factor of f(z).

Subsequent iterations are dominated by this same factor, and there are at most log m of 
them. Hence we conclude that the running time for FIELDS is less than O(log mBLOCKS(g(z))), 
where degree(g(z)) < m, and [g(z)J < [7(z)I”’. 1 


3. The Fields Between Q and Q(a) and Solvability 


We can now determine all the fields between Q and Q(α). This enables us to check solvability by a simple divide-and-conquer observation. Let Q(β) be a field such that Q ⊆ Q(β) ⊆ Q(α). Every element in Q(α) can be written in radicals iff every element of Q(β) can be written in radicals over Q, and every element of Q(α) can be written in radicals over Q(β). The divide-and-conquer terminates when no more fields can be included in the chain between Q and Q(α), that is, when the Galois group of the normal closure of Q(β_{i−1}) over Q(β_i) acts primitively on the roots of the minimal polynomial of β_{i−1} over Q(β_i).


[Figure 4.2: The Primitive Extensions Between Q and Q(α)]


We consider what this means group-theoretically. Suppose { 6; |i = 1,...,r +1} are 
such that if g,(y) is the minimal polynomial for 6; over Q(f;—1), then the Galois group of 
g:(y) over Q(f;—1) acts primitively on the roots of g,(y). If the set {7; |i = 1,...,7-+1} 
is chosen so that Q(7,) is the splitting field for Q(;) over Q(A;—1), let {a4,...,a% } be the 


block of imprimitivity associated with Q(G1), and let { ap41,..-,@ak }y +065 { &t—1)k-p19 ++ +9 Om }; 


be the conjugate blocks. Then, if Q(2),...,@Q(@) are the fields associated with the con- 
jugate blocks, we know that Q(6;) C Q(71), for 1 = 1,...,¢. This means that the 
Galois group H, of Q(a1,...,Q@m) over Q(71) fixes each of the Q(@,;). Assume L, is the 
subgroup of the Galois group which fixes Q(f,). Clearly H,; C Li; furthermore, Hy 
C (induced action of Ly on a,...,a,)*. If Ky is the Galois group of Q(a1,...,a%) over 
Q(61), then Hi C Kt, and Hy is solvable if K, is. The question of whether a particular 
polynomial is solvable by radicals can be transformed into log m questions of solvability of particular primitive groups: if G_i is the Galois group of Q(β_{i+1}) over Q(β_i), then f(x) is solvable by radicals iff G_i is solvable for i = 1, ..., r.
Figure 4.3: Hi C Ki


This is surprisingly easy to answer, for primitive solvable groups are highly structured, which greatly limits their size.

Theorem 4.4 [Pálfy]: If G is a primitive solvable group which acts transitively on n elements, then |G| < 24^{−1/3} n^c, for a constant c = 3.24399....


This result is sufficient for us to obtain a polynomial time algorithm for checking solvability by radicals. Although no algorithms which compute the Galois group in time polynomial in the size of the input are known, a straightforward bootstrapping method yields an algorithm whose running time is polynomial in the size of the group.

We factor f(x) in Q[y]/f(y). If f(x) does not factor completely we adjoin a root of f(x), different from y, to Q[y]/f(y), compute a primitive element, and factor f(x) over the new field. We continue this process until a splitting field for f(x) is reached. In Section 4 we present this algorithm with a proof of correctness and an analysis of running time.
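The divide-and-conquer test of this section can be tried out on the permutation-group side of the correspondence between blocks and fields. The Python code below is an added illustration, not the thesis's algorithm: it assumes generators of a small transitive Galois group are already known (FIELDS and GALOIS work from the polynomial instead), and its function names and sample groups are constructed for the example.

```python
from collections import deque

PALFY_C = 3.244  # the page gives c = 3.24399...; rounded up so the cutoff stays safe

# Constructed sample inputs: generators as tuples of images of the points 0..n-1.
D4 = [(1, 2, 3, 0), (0, 3, 2, 1)]   # x^4 - 2 acting on its roots a, ia, -a, -ia
S3_WR_C2 = [(1, 2, 0, 3, 4, 5), (1, 0, 2, 3, 4, 5), (3, 4, 5, 0, 1, 2)]
S5 = [(1, 2, 3, 4, 0), (1, 0, 2, 3, 4)]
A5 = [(1, 2, 3, 4, 0), (1, 2, 0, 3, 4)]

def compose(p, q):
    """Apply p, then q."""
    return tuple(q[i] for i in p)

def closure(gens, n):
    """Every element of the group generated by gens (brute force, small groups only)."""
    identity = tuple(range(n))
    seen, todo = {identity}, [identity]
    while todo:
        p = todo.pop()
        for g in gens:
            q = compose(p, g)
            if q not in seen:
                seen.add(q)
                todo.append(q)
    return seen

def block_system(gens, n, a, b):
    """Finest invariant partition with a and b in one class (Atkinson's merging)."""
    rep = list(range(n))
    def find(x):
        while rep[x] != x:
            rep[x] = rep[rep[x]]
            x = rep[x]
        return x
    rep[b] = a
    queue = deque([b])
    while queue:
        p = queue.popleft()
        r = find(p)
        for g in gens:
            u, v = find(g[p]), find(g[r])
            if u != v:            # images of equivalent points must be equivalent
                rep[v] = u
                queue.append(v)
    classes = {}
    for x in range(n):
        classes.setdefault(find(x), []).append(x)
    return sorted(classes.values())   # the class containing point 0 comes first

def minimal_block_system(gens, n):
    """Block system whose block through point 0 is a smallest block with >= 2 points."""
    return min((block_system(gens, n, 0, b) for b in range(1, n)),
               key=lambda system: len(system[0]))

def primitive_levels(gens, n):
    """[(degree, group)] for the primitive groups along the chain of blocks through 0."""
    levels = []
    while n > 1:
        system = minimal_block_system(gens, n)
        block = system[0]
        slot = {x: i for i, x in enumerate(block)}
        # Setwise stabilizer of the block, restricted to it: primitive by minimality.
        acting = {tuple(slot[p[x]] for x in block)
                  for p in closure(gens, n) if p[0] in slot}
        levels.append((len(block), acting))
        # The induced action on the block system is the group for the next level.
        home = {x: i for i, blk in enumerate(system) for x in blk}
        gens = [tuple(home[g[blk[0]]] for blk in system) for g in gens]
        n = len(system)
    return levels

def is_solvable(group):
    """True if the derived series of an explicitly listed group reaches the identity."""
    n = len(next(iter(group)))
    while len(group) > 1:
        inverse = {p: tuple(sorted(range(n), key=p.__getitem__)) for p in group}
        commutators = {compose(compose(inverse[p], inverse[q]), compose(p, q))
                       for p in group for q in group}
        derived = closure(list(commutators), n)
        if len(derived) == len(group):
            return False          # perfect subgroup: the series never reaches 1
        group = derived
    return True

def palfy_bound(n):
    """Theorem 4.4: a primitive solvable group of degree n has order below this."""
    return 24 ** (-1 / 3) * n ** PALFY_C

def solvable_by_radicals(gens, n):
    """Solvable iff every primitive level is; the bound is only an early exit."""
    for degree, group in primitive_levels(gens, n):
        if len(group) > palfy_bound(degree) or not is_solvable(group):
            return False
    return True
```

The bound of Theorem 4.4 is a necessary condition only: A5 in degree 5 has order 60, below the bound, and is rejected by the derived-series check instead.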


4. Another Algorithm 


Algorithm 4.2 GALOIS 


input: f(x) ∈ O_K[x], monic, irreducible of degree m over K = Q(θ), where θ is an algebraic integer of degree l over Q, and O_K is the ring of integers of K

Step 1: g(y) ← f(y)

Step 2: Find c ≠ 0 such that N_{(K[y]/g(y))/K}(f(x − cy)) is squarefree
        [Then N_{(K[y]/g(y))/K}(f(x − cy)) generates K(α, β) where α and β are roots of g(y) and f(x) respectively.]

Step 3: Factor N_{(K[y]/g(y))/K}(f(x − cy)) = ∏_{j=1}^{k} G_j(x) over K

Step 4: If there is a G_j(x) such that degree(G_j(x)) > degree(g(x)),
          g(y) ← G_j(y) and go to 2
        Else n ← degree(g(y))

Step 5: For i = 1, ..., m, do:
          f_i(x) ← gcd_{K[y]/g(y)}(G_i(x + cy), f(x))
          q_i(y) ← constant term of f_i(x)

Step 6: Factor g(x) = ∏_{i=1}^{n} (x − p_i(y))

Step 7: For i = 1, ..., n, do:

Step 8: For j = 1, ..., m, do:
          If p_i(q_j(y)) = q_k(y) in Q[y]/g(y), τ_i(j) ← k
        [This just means that σ_i(α_j) = α_k for α_j, α_k roots of f(x)]

return: {τ_i | i = 1, ..., n}, and g(y), where
1) K[y]/g(y) is the splitting field for f(x) over K, and
2) The τ_i's acting on α_1, ..., α_m, the roots of f(x), form the Galois group of f(x) over K

Theorem 4.5: Let f(x), a polynomial in O_K[x], be monic and irreducible of degree m, where K = Q(θ), θ is an algebraic integer of degree l over Q, and O_K is the ring of integers of K. Algorithm 4.2 returns g(y) and {τ_i}, where K[y]/g(y) is the splitting field for f(x) over K, and the {τ_i | i = 1, ..., n} form the Galois group of f(x) over K. It does so in O((|G|)°**(IG| log |GI[f(z)] + 2 log [o]})?+*) steps.


proof: The proof will be by induction. As before, we show correctness, and then analyze running time. Without loss of generality, let us assume the roots of f(x), α_1, ..., α_m, are ordered so that there is a t < m, with α_{i+1} ∉ K(α_1, ..., α_i) for i < t, and α_{i+1} ∈ K(α_1, ..., α_t) for i > t. Each time we adjoin a root α_{i+1} of f(x) to K(α_1, ..., α_i), we will compute a primitive element for K(α_1, ..., α_{i+1}) over K, and a minimal polynomial for that element. In the algorithm we call these "y" and "g(y)" respectively; in the proof we call the i-th primitive element β_i, and its minimal polynomial over K, g_i(y). Recall Proposition 2.2 which says that if G_j(x) is an irreducible factor of N_{(K[y]/g(y))/K}(f(x − cy)), then K[x]/G_j(x) ≅ K[x, y]/(g(y), f_j(x)). We observe that it is not really necessary to factor f(x) over K(β) in order to determine if f(x) splits into linear factors in that field. For, if g(y) of degree l is the minimal polynomial for β over K, and h(x) ∈ K[x, y]/g(y) is of degree k, then N_{(K[y]/g(y))/K}(h(x)) is a polynomial of degree lk over K. In particular, if G_j(x) is an irreducible factor of N_{(K[y]/g(y))/K}(f(x − cy)) in K[x] which is of degree m > degree(g(y)), then gcd_{K[y]/g(y)}(G_j(x + cy), f(x)) is nonlinear. This observation will save us the work of factoring f(x) until we reach a splitting field for f(x) over K. We are now ready to proceed with the proof.

We claim that each iteration of Steps 2-4 adjoins a root $\alpha_i$ of $f(x)$ to $K$ and computes 
a primitive element, $\beta_i$, for $K(\alpha_1,\ldots,\alpha_i)$ over $K$. Suppose first that $f(x)$ is normal, 
that is, $f(x)$ factors completely in $K[y]/f(y)$. In that case each of the $G_j(x)$'s will be of the 
same degree as $f(y) = g(y)$, and we will fall through to the second part of the algorithm. 

Next suppose that $f(x)$ is not normal, and adjoin a single root of $f(x)$ to $K$. Then at 
least one of the irreducible factors of $f(x)$ in $K[x,y]/f(y)$ is not linear. If $f_j(x)$ is such a 
factor, then $G_j(x) = N_{(K[y]/g(y))/K}(f_j(x - cy))$ is a factor of $N_{(K[y]/g(y))/K}(f(x - cy))$ 
whose degree is greater than the degree of $g(y)$. On the first iteration of Steps 2-4 let $\beta$ be a 
root of $G_j(x)$, where $\beta = \alpha_1 + c\alpha_2$, where $c$ is an integer less than $(m^2 l)^2$. By Proposition 
2.2, $K(\beta) = K(\alpha_1, \alpha_2)$. On subsequent iterations $\beta_{i+1}$ will be a root of (the new) $G_j(x)$, 
an irreducible factor of $N_{(K[y]/g(y))/K}(f(x - cy))$. Then 

$$K[y]/g(y) = K[y]/G_j(y) = K(\beta_{i+1}) = K(\beta_i, \alpha_{i+1})$$

by induction. We fall through to Step 5 only when $f(x)$ factors into linear factors in 
$K[y]/g(y)$; equivalently, when we have adjoined $\{\alpha_1,\ldots,\alpha_t\}$ to $K$, and have computed a 
primitive element $y$ for $K(\alpha_1,\ldots,\alpha_t)$ over $K$. Then $K[y]/g(y)$ is the splitting field of $f(x)$ 
over $K$. 


In Step 5, we factor 

$$f(x) = \prod_{i=1}^{m} f_i(x) = \prod_{i=1}^{m} (x - q_i(y))$$

over $K[y]/g(y)$. In Step 6 we factor 

$$g(x) = \prod_{i=1}^{n} (x - p_i(y)).$$

(By the construction of $g(y)$, we know that $g(x)$ splits completely in $K[y]/g(y)$.) 

The Galois group of $g(x)$ over $K$, $G$, is a group of order $n$ acting on $n$ elements; thus for 
each $i = 1,\ldots,n$ there is a unique $\sigma_i \in G$ with $\sigma_i(1) = i$. The Galois group of $f(x)$ over $K$ is 
the induced action of $G$ on the roots of $f(x)$, $\alpha_1,\ldots,\alpha_m$, which we write as $q_1(y),\ldots,q_m(y)$. 
Without loss of generality we assume that $\sigma_1(1) = 1$. An alternative way to say this is that 
$\sigma_i(y) = p_i(y)$. Then $-q_j(y)$ is the constant term of the $f_j(x)$, $\sigma_i(\alpha_j) = \sigma_i(q_j(y)) = p_i(q_j(y))$. 
Let $\{\tau_i \mid i = 1,\ldots,n\}$ be the induced action of $G$ on $\alpha_1,\ldots,\alpha_m$, so that $\tau_i(j) = l$ iff 
$p_i(q_j(y)) = q_l(y)$. Thus Algorithm 4.2 returns the set $\{\tau_i\}$ which form the Galois group of 
$f(x)$ over $K$. 

The running time analysis breaks up into two parts, just as the proof of correctness 
did. First we consider the time needed for Steps 1-4, which calculates $\beta_i$ and $g_i(y)$. Let 
$n_i = [K(\alpha_1,\ldots,\alpha_i) : K]$, and $d_i = [K(\alpha_1,\ldots,\alpha_i) : K(\alpha_1,\ldots,\alpha_{i-1})]$. We first bound the 
size of $g_i(y)$. The roots of $g_i(y)$ are conjugates over $K$ of $\alpha_1 + c_2\alpha_2 + \cdots + c_i\alpha_i$, where 
$c_j \in Z$. By Lemma 1.6 $|c_i| < (d_i n_{i-1})^2 = n_i^2$. Then 

flor + coae +...+ a4] < faf(1+ co +...+ ¢) 
< flafile,|, since cy < ¢ for7 <i 


< [a}n}. 
If k(x) is the minimal polynomial for 6 over Q, |k(x)| < (2{6])™. Then 
[os(wl < (2faen?)™ (2fe])m* 
by Weinberger and Rothschild [Theorem 1.3.] We further conclude that 
EN cine) Fe — cw) S (2ledn.)* "216. 


Let D; be the time needed by Algorithm 4.2 on the i*” iteration. Then T; = D; + 
Dy-1+...+ Dy. We claim Dy < 3(ni414)®+*(ni41 log nf f(x)] + 2 log [0])?+* . This is 
because Steps 2-4 are dominated by the time it takes to factor $N_{(K[y]/g(y))/K}(f(x - cy))$ 
over $K$. By Proposition 2.1, the claim follows. Then 
Ty < 3(migsl)?h*(ny41 log ny [f(z)] + 2 log fe])?** 
+ 3(n,l)+*(n,; log n;—1[f(z)] + 8 log [e])?+* +... 
wet 3(nr1)° "(ny log mf f(x)] + 2 log [9]])?T*. 

The time required by Algorithm 4.2 in Steps 2-4 is bounded by O((|G{/)®**(|G| log |G] f(z)]+ 
3 log a])?+*). | 

Since $[f(x)]$ and $[g(y)]$ are both smaller than $[N_{(K[y]/g(y))/K}(f(x - cy))]$, Steps 5 and 
6 do not add to the time bound established for Steps 1-4. Similarly the computations 
of Steps 7 and 8, being straightforward divisions of polynomials ($n|G|$ of them), do not 
increase the running time of Algorithm 4.2. Consequently Algorithm 4.2 computes $g(y)$ and 
{ry [i= 1,...5n} in O((|G[)®+(IG| log |GIL/(@)] + !° log fo])?+*) steps. 5 


5. How it Fits Together 


Let $f(x) \in Z[x]$ be monic and irreducible, with roots $\alpha_1,\ldots,\alpha_m$. We have shown how 
to compute field extensions $Q(\beta_i)$, $i = 1,\ldots,r+1$, such that $Q(\beta_{r+1}) = Q$, and $Q(\beta_1) = 
Q(\alpha)$, and for $j = 1,\ldots,r$, the Galois group of $Q(\beta_j)$ over $Q(\beta_{j+1})$ acts primitively on the 
conjugates of $\beta_j$ over $Q(\beta_{j+1})$ [Algorithm 4.1.] We have shown that if $f(x)$ is a monic, 
irreducible polynomial in $O_K[x]$, where $K = Q(\theta)$ is an algebraic number field, then we can 
compute the Galois group of $f(x)$ over $K[x]$ in time polynomial in the size of the Galois 
group, $[f(x)]$ and $[\theta]$. We know that primitive solvable groups are small. How does it all 
fit together? 

Quite simply. We call FIELDS on $f(x)$ to determine a tower of fields each one of which 
has the Galois group acting primitively on the roots of the polynomial which generates it 
from the field below. We call GALOIS for each one of these extensions. We call GALOIS with 
a clock. Let $g_i(y)$ be the polynomial described in FIELDS, and suppose the degree of $g_i(y)$ 
is $n_i$. By construction the extension $Q[x]/h_{i-1}(x)$ over $Q[x]/h_i(x)$ has Galois group which 
acts primitively on the roots of $g_{i-1}(y)$. By Theorem 4.4, if this group is solvable, then 
its order must be less than $24^{-1/3} n_{i-1}^{3.25}$. For each $i$, $i = 1,\ldots,r$, we call GALOIS on input 
$g_{i-1}(y)$, $Q[x]/h_i(x)$. We allow this procedure to run for 


(a constant)n3°_, degree(h,(y))°+*(n3-25 log n.ff'g;—1(y)] + (degree(hi(z))° log [h,(z)]})? T° 
= $k_i$ steps, the time needed by GALOIS to determine a Galois group of order less than 
$24^{-1/3} n_{i-1}^{3.25}$. If the procedure fails to return a Galois group in that amount of time, we 
know that the Galois group of $g_{i-1}(y)$ over $Q[x]/h_i(x)$ is not solvable, and hence neither 
is $f(x)$ solvable over $Q$. If a group is returned, we call any of the standard algorithms 
for testing solvability of a group [Sims], [FHL]. Since the order of the group is polynomial 
size in $n_{i-1}$, these algorithms can check solvability of the group in polynomial time. Let 
SOLVABLEGP be the reader's favorite algorithm for testing if a given group is solvable. We 
assume that the input to SOLVABLEGP is a set $\{\tau_i \mid i = 1,\ldots,n\}$ which forms the Galois 
group for $g_{i-1}(y)$ over $Q[x]/h_i(x)$. Then SOLVABLEGP returns "yes" if the group is solvable, 
and "no" otherwise. 

Algorithm 4.3 SOLVABILITY 
input: $f(x) \in Z[x]$, monic irreducible of degree $m$ 


Step 1: Call BLOCKS($f(x)$) 


Step 2: For $i = 1,\ldots,r$, do: 
            For (degree($g_{i-1}(y)$))** steps, do: 


Step 3: If no return, return $f(x)$ "IS NOT SOLVABLE BY RADICALS" 
            Else call SOLVABLEGP $\{\tau_i\}$ 
            If SOLVABLEGP $\{\tau_i\}$ = "no", return $f(x)$ "IS NOT SOLVABLE BY RADICALS" 


Step 4: return $f(x)$ "IS SOLVABLE BY RADICALS" 


return: $f(x)$ IS SOLVABLE BY RADICALS if $f(x)$ is solvable by radicals, 
        $f(x)$ IS NOT SOLVABLE BY RADICALS otherwise 
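
One possible SOLVABLEGP, shown with the order bound that justifies running GALOIS against a clock; this is an added example, not code from the thesis, and the brute-force derived series stands in for the algorithms of [Sims], [FHL]. The function names, the encoding of each permutation as a tuple of images, and the sample groups S4, A5 and S5 are assumptions made for the illustration.

```python
from itertools import permutations


def compose(p, q):
    """Return the permutation p∘q (apply q first, then p)."""
    return tuple(p[j] for j in q)


def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p):
        inv[image] = i
    return tuple(inv)


def generated_subgroup(gens, degree):
    """Close a set of permutations under composition (finite, so inverses follow)."""
    identity = tuple(range(degree))
    elements = {identity}
    frontier = [identity]
    while frontier:
        g = frontier.pop()
        for s in gens:
            h = compose(s, g)
            if h not in elements:
                elements.add(h)
                frontier.append(h)
    return elements


def derived_subgroup(group, degree):
    """Subgroup generated by all commutators a b a^-1 b^-1 of the group."""
    commutators = {
        compose(compose(a, b), compose(inverse(a), inverse(b)))
        for a in group
        for b in group
    }
    return generated_subgroup(commutators, degree)


def solvablegp(taus):
    """Return 'yes' iff the derived series of the listed group reaches the identity."""
    group = set(taus)
    degree = len(next(iter(group)))
    while len(group) > 1:
        derived = derived_subgroup(group, degree)
        if len(derived) == len(group):  # perfect subgroup: the series stalls
            return "no"
        group = derived
    return "yes"


def order_bound(n):
    """Order bound quoted in the text for a solvable primitive group of degree n."""
    return 24 ** (-1 / 3) * n ** 3.25


def is_even(p):
    inversions = sum(p[i] > p[j] for i in range(len(p)) for j in range(i + 1, len(p)))
    return inversions % 2 == 0


# Constructed sample inputs: complete element lists, as SOLVABLEGP expects.
S4 = list(permutations(range(4)))
S5 = list(permutations(range(5)))
A5 = [p for p in S5 if is_even(p)]

if __name__ == "__main__":
    for name, grp in (("S4", S4), ("A5", A5), ("S5", S5)):
        n = len(grp[0])
        print(name, len(grp), round(order_bound(n), 1), solvablegp(grp))
```

A5 in its natural action has order 60, below the bound for degree 5 (about 64.8), yet it is not solvable, which is why SOLVABILITY still calls SOLVABLEGP after GALOIS returns; S5, of order 120, lies above the bound.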


We conclude with the main result of this thesis: 


Theorem 4.6: Let $f(x) \in Z[x]$ be monic and irreducible of degree $m$ over $Q$. Then 
Algorithm 4.2 determines whether the roots of $f(x)$ are expressible in radicals in time 
polynomial in $m$ and $\log|f(x)|$. 
Chapter V 


Expressibility 


1. Background 
We recall: 


The Fundamental Theorem on Equations Solvable by Radicals: 

(1) If one root of an irreducible equation f(z) over a field K can be represented in the 
form: 

‘VvP+V (*) 

then the Galois group of f(z) over K is solvable. 

(2) Conversely, if the Galois group of $f(x)$ over $K$ is solvable, then all roots can be 
represented by expressions of the form (*) in such a way that in the successive adjunctions 
of $\sqrt[n]{a}$, the exponents are prime numbers, and the equations $x^n - a$ are irreducible each 
time. 


For the first four chapters of this thesis, we were concerned with the problem of 
determining solvability of an irreducible polynomial over the rationals. If $f(x)$ is an irreducible 
solvable polynomial over the rationals, it would be most pleasing to find an expression in 
radicals for the roots of $f(x)$. In this chapter we exhibit a straight line program which does 
so in polynomial time. Classical results are presented in §1, and a discussion on bounds 
appears in §2. The straight line program is presented in the final section of this chapter. 

Let $K$ be an algebraic number field which contains the $n^{th}$ roots of unity. Then $K(\sqrt[n]{a})$ 
is a Galois extension of $K$, and the map $\sqrt[n]{a} \mapsto \zeta_n \sqrt[n]{a}$, where $\zeta_n$ is a primitive $n^{th}$ root of 
unity, generates the Galois group of $K(\sqrt[n]{a})$ over $K$, which is cyclic of order $n$. If $K(\alpha)$ is 
a Galois extension of $K$ with cyclic Galois group, we say $K(\alpha)$ is a cyclic extension of $K$. 
If $K(\alpha)$ is cyclic of order $n$, we claim that $K(\alpha) = K(\sqrt[n]{a})$ for some $a$ in $K$. Let $\sigma$ be a 
generator of the Galois group of $K(\alpha)$ over $K$, and let $\zeta$ be a primitive $n^{th}$ root of unity. 


For each element $\gamma$ in $K(\alpha)$ we can form the Lagrange resolvent: 

$$(\zeta, \gamma) = \gamma + \zeta\sigma(\gamma) + \zeta^2\sigma^2(\gamma) + \cdots + \zeta^{n-1}\sigma^{n-1}(\gamma).$$

The Lagrange resolvent is a $K$-linear map from $K(\alpha)$ onto itself, and can be thought of as 
a matrix. Then $(\zeta, \gamma) = 0$ iff $\gamma$ is in the null space of this matrix. The following theorem 
shows that the Lagrange resolvent does not act trivially on $K(\alpha)$. 


Theorem 5.1 [E. Artin]: The elements of the Galois group of $K(\alpha)$ over $K$ are linearly 
independent over $K$. 


proof: It is clear that if $a\sigma(x) = 0$ for $x \neq 0$, then $a = 0$. Suppose there is a relation 

$$a_1\sigma_1(x) + a_2\sigma_2(x) + \cdots + a_m\sigma_m(x) = 0 \qquad (1)$$

with none of the $a_i = 0$. Let $m$ be chosen as small as possible. Then we know $m \geq 2$. 
Since $\sigma_1$ and $\sigma_2$ are distinct, there is a $b$ in $K$ such that $\sigma_1(b) \neq \sigma_2(b)$. (Note that this 
means $\sigma_1(b) \neq 0$.) We have 

$$a_1\sigma_1(bx) + a_2\sigma_2(bx) + \cdots + a_m\sigma_m(bx) = 0 \qquad (2)$$

which implies 

$$a_1\sigma_1(x)\sigma_1(b) + a_2\sigma_2(x)\sigma_2(b) + \cdots + a_m\sigma_m(x)\sigma_m(b) = 0. \qquad (3)$$

We divide equation (3) by $\sigma_1(b)$, and subtract it from equation (1). The first term cancels, 
and we obtain: 

$$\left(a_2\frac{\sigma_2(b)}{\sigma_1(b)} - a_2\right)\sigma_2(x) + \cdots + \left(a_m\frac{\sigma_m(b)}{\sigma_1(b)} - a_m\right)\sigma_m(x) = 0 \qquad (4)$$

Because the first term in equation (4) is not zero, this is a relation of shorter length than 
equation (1), which was chosen to be minimal. Thus it must be the case that $\sigma_1,\ldots,\sigma_n$ are 
linearly independent over $K$. ∎ 


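Now let $\gamma \in K(\alpha)$ be such that $(\zeta, \gamma) \neq 0$, and consider 

$$\begin{aligned}
\sigma(\zeta, \gamma) &= \sigma(\gamma) + \zeta\sigma^2(\gamma) + \cdots + \zeta^{n-1}\sigma^n(\gamma) \\
 &= \zeta^{-1}(\zeta\sigma(\gamma) + \zeta^2\sigma^2(\gamma) + \cdots + \zeta^n\sigma^n(\gamma)) \qquad (**) \\
 &= \zeta^{-1}(\zeta, \gamma).
\end{aligned}$$

This means that $(\zeta, \gamma)^n$ is fixed by $\sigma$, and thus that $(\zeta, \gamma)^n$ is in $K$. But we also know 
from (**) that $\sigma^k(\zeta, \gamma) = \zeta^{-k}(\zeta, \gamma)$, which means that the only element of the Galois group 
which fixes $(\zeta, \gamma)$ is the identity. If we let $a = (\zeta, \gamma)^n$, we conclude that $K(\alpha) = K(\sqrt[n]{a})$. 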


We have shown: 


Theorem 5.2: Every cyclic field of $n^{th}$ degree over an algebraic number field can be 
generated by an adjunction of an $n^{th}$ root provided that the $n^{th}$ roots of unity lie in the 
base field. 
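
The construction in the proof of Theorem 5.2, carried out numerically for one cyclic cubic as an added example that is not part of the thesis. The polynomial x^3 - 3x + 1, its root 2cos(2π/9), the automorphism x ↦ x^2 - 2 and all function names are choices made for this illustration, and floating-point arithmetic stands in for exact arithmetic in the field.

```python
import cmath


def cyclic_orbit(gamma, sigma, n):
    """Return [gamma, sigma(gamma), ..., sigma^(n-1)(gamma)]."""
    orbit = [gamma]
    for _ in range(n - 1):
        orbit.append(sigma(orbit[-1]))
    return orbit


def lagrange_resolvent(zeta, orbit):
    """(zeta, gamma) = gamma + zeta*sigma(gamma) + ... + zeta^(n-1)*sigma^(n-1)(gamma)."""
    return sum(zeta ** k * value for k, value in enumerate(orbit))


def apply_sigma(orbit):
    """sigma fixes zeta (it lies in K) and moves every conjugate one place along."""
    return orbit[1:] + orbit[:1]


def radicand(zeta, orbit):
    """a = (zeta, gamma)^n, the element of K whose n-th root is adjoined."""
    return lagrange_resolvent(zeta, orbit) ** len(orbit)


def recover_gamma(zeta, orbit):
    """gamma = (1/n) * sum_j (zeta^j, gamma): gamma rebuilt from its resolvents."""
    n = len(orbit)
    return sum(lagrange_resolvent(zeta ** j, orbit) for j in range(n)) / n


# Constructed example: K = Q(zeta) with zeta = exp(2*pi*i/3). ALPHA = 2cos(2*pi/9)
# is a root of x^3 - 3x + 1, and sigma(x) = x^2 - 2 cycles the three roots.
N = 3
ZETA = cmath.exp(2j * cmath.pi / N)
ALPHA = 2 * cmath.cos(2 * cmath.pi / 9)
ORBIT = cyclic_orbit(ALPHA, lambda x: x * x - 2, N)


def alpha_in_radicals():
    """alpha = (trace + cbrt(a1) + cbrt(a2)) / 3, written with cube roots only.

    For this example the principal cube roots are the matching branches.
    """
    trace = sum(ORBIT)               # (1, alpha): fixed by sigma, equal to 0 here
    a1 = radicand(ZETA, ORBIT)       # equals 27*zeta
    a2 = radicand(ZETA ** 2, ORBIT)  # equals 27*zeta^2
    return (trace + a1 ** (1 / 3) + a2 ** (1 / 3)) / 3


if __name__ == "__main__":
    r = lagrange_resolvent(ZETA, ORBIT)
    print("resolvent         :", r)
    print("sigma(resolvent)  :", lagrange_resolvent(ZETA, apply_sigma(ORBIT)))
    print("zeta^-1*resolvent :", r / ZETA)
    print("a = resolvent^3   :", radicand(ZETA, ORBIT), "vs 27*zeta =", 27 * ZETA)
    print("alpha from roots  :", alpha_in_radicals(), "vs", ALPHA)
```

Applying sigma multiplies the resolvent by ζ^{-1}, as in (**), so its cube 27ζ is unchanged and lies in K; the root itself is then recovered from cube roots of elements of K.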


The method we use to express $\alpha$ as radicals over $Q$ relies on the effective proof of 
Theorem 5.2. Clearly roots of unity play a special role in the question of expressibility, and 
we show: 


Lemma 5.3: The $p^{th}$ roots of unity, $p$ a prime, are expressible as "irreducible radicals" 
over $K$. 


proof: We do this by induction on $p$. If $p = 2$, the roots of unity are $\pm 1$, and there 
is nothing to show. Suppose we have shown the lemma to be true for all primes less than 
$p$. Now the field with the $p^{th}$ roots of unity is cyclic of order $p - 1 = p_1^{e_1} \cdots p_k^{e_k}$ over $K$. 
We adjoin to $K$ the $p_1^{th},\ldots,p_k^{th}$ roots of unity which by induction we have assumed to be 
expressible as radicals over $K$. Then Theorem 5.2 applies. ∎ 


2. Bounds 


We assume $f(x)$ is an irreducible solvable polynomial of degree $m$ over the rationals, 
and we let $\alpha$ be a root of $f(x)$. In Chapter IV we presented an algorithm which found a 
tower of fields $Q(\beta_i)$, $i = 1,\ldots,r$, where $Q \subset Q(\beta_r) \subset \cdots \subset Q(\beta_1) \subset Q(\alpha)$, and the Galois 
group of $Q(\beta_i)$ over $Q(\beta_{i+1})$ acts primitively on the roots of the minimal polynomial of $\beta_i$ 
over $Q(\beta_{i+1})$. We also described a polynomial time algorithm to find the fields $Q(\gamma_i)$, $i = 
1,\ldots,r$, where $Q(\gamma_i)$ is the splitting field for $Q(\beta_i)$ over $Q(\beta_{i+1})$. (See Figure 4.2.) In light 
of Theorem 5.2, we find it necessary to first adjoin to $Q$ the $l^{th}$ roots of unity, where $l = 
[Q(\gamma_r) : Q]$. We claim that there is a straight line program which expresses $\zeta_l$, a primitive 
$l^{th}$ root of unity, in radicals in polynomial time. The proof is similar to that for expressing 
§,; as radicals in polynomial time, and we begin by proving the bound for the f,;’s. We 
find elements f; such that Q(G,) = Q(c, 6,). In order to prove that we can express B; by 
a straight line program in polynomial time, we must first obtain bounds on [g,(z)]] and 
[k:(y)], the minimal polynomials for B; over Q(B, 41) and for 4; over Q(B,) respectively. 


The bounds we present are not best possible; they are simplified for the sake of readability. 


Lemma 5.4: If h,(z) is the minimal polynomial for B; over Q, then \hs(z)| < If (z)|"". 
If g,(z) is the minimal polynomial for B; over Q(B.+1); then [[9,(z)] < | f(z)|”" 


proof: Because the Galois group of f(z) is solvable, each extension [Q(7.) : Q(4:+1)] < 
m3-25 where [Q(8;) : Q(6:+1)] = m,. Since [Q(a) : Q] = [] mz = m, we have | = [Q(,) : 
Q] < m5. Now Q(6:41) = Q[z]/A.41(z) implies that Q(8,4 1) = Q[z, ¥]/(hi+1(2), 2(y)) 
where 2(y) is an irreducible factor of the cyclotomic polynomial z'~! + 2'—! + ...+1 over 
Q[z]/hs+1(z). By Weinberger and Rothschild [Theorem 1.3], [z(y)] < my!|hi4-1(z)|"™ : 

The roots of h,+1(z) are symmetric functions in a block of roots of f(z), which means 
that |h:41(z)| < |f(z)|"". Thus Jz(y)] < m,!| f(z)". We can now use Proposition 2.2 to 
determine a primitive element B 41 over Q; if hs 1(z) is the minimal polynomial for B; 44 
over Q, then 

lia-+-a(2)] < (matm,tlf(a)l™™ Lf(a)™Y™" 
< lfle)I”". 

Now g,(y) will be a factor of 9;(y), the polynomial described in Algorithm 4.3. Since g,(y) 


is an irreducible factor of h,(y), we have 


fou) < mifhatu Nica)” 
< mils(e)™ (Use@)I"" 


< |f(z)|” - 


This implies that 
S410 < mF lrsga(2)™ 
< mil f(z)!” *1F(2)I 
< |f(z)I" - 
(We remind the reader that the bounds obtained are not best possible.) | 


Lemma 5.5: If &,(z) is the minimal polynomial for 7, over Q(B:+1); then [[k,(z)] < 
If(z)|" . | 


proof: If k,(z) is the minimal polynomial for 7; over Q(6;+1), then the roots of k,(z) 


are the conjugates of 


Bs + cao +... + C49 


over Q(f,;41), where #2,..., 0; are the conjugates of A; over Q(f;+1), and the c,’s are integers 
less than m?. Then by Weinberger and Rothschild [Theorem 1.3], 


[es()) < (m" f(a) "FN 
< ea)". 


Since k,(z) is an irreducible factor of k;(z) over Q(B:4.1), we obtain 


Fes(2)] < mal(Es(2))*Vs-4 (2) 
< mil f(a) (1e(@)™"" 
< |f(z)I” - 


In order to write straight line code to express a as radicals over Q, it suffices to present 
straight line code for expressing 8, as radicals over Q(B; +1). If we can solve the latter 
problem in time polynomial in m and log|f(z)|, then the former can also be solved in 
polynomial time, since there are at most log m fields between Q and Q(a). 

Suppose that H is the Galois group for Q(,;) over Q(6:+1), and that H is solvable. 
In polynomial time we can find a set of subgroups of H which satisfy {e} = Ho C Hi © 
... C H, =H, where H, is normal in H,+41, and Hy41/H, is of prime order [Sims], [FHL]. 
We let _ | | | 

je(z) = I o,(z — %); 


o,€K, 
then Q(8,43)[z]/7«(z) is the subfield of Q(4,) corresponding to Hy. Since we can compute 
the H;,’s in polynomial time, we can also compute polynomials j,(z) in polynomial time. 
We can find a primitive element 6, for the field Q(8,41)[z]/ jx(x) in polynomial time. We 
do this using Proposition 2.2. If j,(x) = z' + b:12'—! +... + bo, the b,’s are symmetric 
functions in conjugates of 7,, and [[b,] < Gala < (Ifa) = \f(z)!"" We let 
6, = bp +30, +...4+ c11b11, c; € Z, be a primitive element by using Proposition 2.2 
in the usual way. Then [,] < (m’| f(x)\""’), and if 3,(z) is the minimal polynomial for 


6, over Q, 


Dela < (m1s(z)"" 
< Ife)". 


If we let 1,(z) be the minimal polynomial for 6, over Q(6,—1), then since 1,(z) is a factor 


of j,(z), we have: 


Lela) < (mG ee 
< (fe. 


We conclude: 


Lemma 5.6: Let j,(z) be the minimal polynomial for 6, over Q. Then [j,(z)| < 


|f(z)|"* If i,(2) is the minimal polynomial for 6; over Q(B,_1), then Jte(z)h < If (z)\"". 


3. A Straight Line Program 


We have determined primitive elements 6; such that Q(¥%,) is a cyclic extension of Q(6,), 
Q(8;+1) is a cyclic extension of Q(0;), and Q(61) is a cyclic extension of Q(B:41)- (For the 
sake of simplicity, let 99 = Bi+1-) Denote [Q(8,) : Q(8;—1)] by dj. 

Figure 5.1: The Cyclic Extensions Between Q(A, 441) and Q(4,) 


We inductively express 71,..., 41 such that Q(6,,7;) = Q(0;+1), and n; = °/p,(8;), 
where p,(z) € Q[z]. To do this it is necessary to also construct q,(z,y) € Q[z,y], 7 = 
0,...,8, where 0,44 = q)(¢/p,(8;); 6;). Once we have shown how to construct p;(z) and 
$q_j(x, y)$ in size polynomial in $m$ and $\log |f(x)|$, we will be done showing how to express 
$\alpha$ over $Q(\zeta)$ in a straight line program in polynomial time. Finally $\zeta$ will be expressed in a 
similar way. 

) We proceed by induction, beginning with 7;. Consider the Lagrange resolvent of Q(41) 
over Q(Bi41); and let «; be in Q(01) — the null space of Q(B.+1)- (Observe that «; can be 


found in polynomial time.) If «; = r1(61), then 


Era(z)) < (Cai 019) )* = (ifn) 
[Edm.] Let 1 = (¢,«1)"!. By the proof of Theorem 5.2, 7: € Q(6i41) = Q(60), and 
Q(01) = Q(Go,./7i)- Let pi(z) € Q[z] be such that pi(09) = m1. We want to show that 
pi(z) has polynomial size coefficients. 

Since 7; is small in absolute value, its minimal polynomial over Q has polynomial size 
coefficients. This polynomial factors over Q(09). Since z — ny = 2 — p;(9o) is a factor, and 
~ we conclude by Weinberger and Rothschild [Theorem 1.3] that p:(z) has polynomial size 
coefficients. We repeat this with actual, though not best possible bounds. 
We chose 7; = (¢,)“". This means that 


Ind = [(¢, 61) 
< (di fees)” 
< (@2fe)*)* 
< fo.p". 


By Lemma 5.6, |j,(z)| < f(z)", and [6,] < \f(z)|™". By a rough approximation using 
Weinberger and Rothschild, we find 


lps(2)| < [e(ai™". 


Next we determine and bound q;(z, y). Our argument is that the minimal polynomial 
for 6; over Q is of bounded size (Lemma 5.6), and thus its factors over Q(0) are also 
bounded. We find an integer c; such that vy = 0) + c/n is a primitive element for Q(1) 
over Q. Then 1 has a minimal polynomial over Q which is of bounded size. This means 
that the polynomial t;(z) € Q[z] such that 6, = t;(v1) has polynomial size coefficients. 
Furthermore the polynomial q:(z, y) € Q[z,y] such that 6, = qi( 3/7 61) = ti{y + c12) 
also has polynomial size coefficients. 

For the inductive step it suffices to replace 0 by $i$, and 1 by $i + 1$, because all of our 
bounds are a priori established by Lemmas 5.4-5.6. The crucial fact to observe is that each 
of the polynomials $p_j(x)$ and $q_j(x, y)$ is determined in sequence from the $\theta_j$'s, whose length 
of description is polynomially bounded. 

One step remains. We must show that if 6, = 4(4,), with I(x) € Q[z], then the 
coefficients of /,(z) are polynomial in size. This follows immediately since the minimal 


polynomials for B, and 4, over Q(B, 41) are polynomial in size. We have shown: 


Theorem 5.7: There exists a polynomial time straight line program to express $\alpha$, a root 
of a solvable irreducible polynomial over $Q$, in terms of radicals. 


We have not yet shown how to express the $l^{th}$ roots of unity as radicals over $Q$, but 
Lemma 5.3 is effective. We observe that in order to express the $l^{th}$ roots of unity as radicals 
over $Q$, we need to have the $p_i^{th}$ roots of unity expressed as radicals, where $p_i$ is a prime 
divisor of $\varphi(l)$. Of course, this requires that the $q_j^{th}$ roots of unity are expressed as radicals, 
where $q_j$ is a prime divisor of $p_i - 1$. This inductive construction requires no more than 
$\log l$ steps. Therefore we conclude that $\zeta_l$ can be expressed as radicals over $Q$ in a field of 
degree no greater than $l^{\log l}$ over $Q$. 


It would be much more pleasing to express a in polynomial time in the form: 


jones 172765537 


rather than what we have proposed here. However, the following theorem suggests that this 
may not be possible, at least for roots of unity. 


Theorem 5.8 [Shapiro]: Let $C(x)$ be such that $\varphi^{C(x)}(x) = 2$ for $x > 2$. Then $2^{C(x)} < 
x < 2 \cdot 3^{C(x)}$. 


Shapiro's function $C(x)$ is the number of field extensions we need to write $\zeta_x$ as 
radicals over $Q$. Then $C(x) = O(\log x)$. The field which contains $\zeta_l$ expressed in radicals 
will be of degree $l^{\log l}$ over $Q$, so there is little hope that the actual radical expression for $\zeta_l$ 
will be polynomial in size. This indicates that Theorem 5.7 may be the best we can do. 


Questions, Conclusions, and More Questions 


If now you give us a polynomial which you have chosen at your pleasure, and if you 
want to know if it is or is not solvable by radicals, we have the techniques to answer that 
question in polynomial time. We have transformed Galois’ exponential time methods into 
a polynomial time algorithm. Furthermore, if the polynomial is solvable by radicals, we 
can express the roots in radicals using a suitable encoding. We have provided a polynomial 
time algorithm for the motivating problem of Galois Theory; we leave unresolved many 
interesting questions. 

In light of the running times presented in Chapter IV, we hesitate to claim practicality 
for our polynomial time algorithm. This suggests the following set of questions: 

1) All of our running times are based on the time needed by the $L^3$ algorithm for 
factoring polynomials over the integers. Can the present time bound be improved? 

2) Can the running time for factoring polynomials over algebraic number fields (Algorithm 
2.1) be improved? 

3) In Chapter III we presented an algorithm which determines a minimal block of 
imprimitivity of the Galois group of the irreducible polynomial $f(x)$ over the field $K$. Is there 
a faster algorithm than Algorithm 3.1 for determining the minimal blocks of imprimitivity? 
We conjecture that any algorithm that determines minimal blocks of imprimitivity must 
factor $f(x)$ over $K[x]/f(x)$; we would like to see a proof of this. 

The divide-and-conquer technique we used to determine solvability has the surprising 
characteristic that it answers that question without even determining the order of the group. 
We ask: 

4) Is there a polynomial time algorithm to determine 
a) the order of the Galois group 
b) a set of generators for the Galois group, 
in the case of a solvable Galois group? 


The real buried treasure would be a polynomial time algorithm for determining the 
Galois group, regardless of solvability. A polynomial of degree $n$ may have a Galois group 
as large as $S_n$, but a set of generators will be polynomial in size. We see no immediate 
way that a divide-and-conquer approach might solve this problem, but we do observe that 
some characteristics of the Galois group may be inferred without actually determining the 
group. For example, the Galois group of an irreducible polynomial $f(x)$ of degree $n$ over 
the rationals is contained in $A_n$, the alternating group of order $n$, iff disc$(f(x))$ is a square 
in $Q$ [Lang, pp.199-200.] This means that the Galois group of an irreducible polynomial of 
degree 3 over Q may be found by simply calculating the discriminant. Various tricks and 
methods have been used to determine the Galois group of polynomials over Q of degree less 
than 10 [Mc],[St], [Za2], but until the recent results concerning polynomial factorization 
there was no feasible way to compute the Galois group of a general polynomial of large 
degree. It would be most exciting if a polynomial time algorithm were found for computing 
the Galois group. We offer no insights on this problem short of the results presented in this 
thesis, but we hope for, and would be delighted by, its solution. 
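
The discriminant test for degree 3 mentioned above, as an added example that is not part of the thesis: for a monic integer cubic x^3 + a x^2 + b x + c it checks irreducibility with the rational root test and then decides between A3 and S3. The function names and the sample polynomials are assumptions made for the illustration.

```python
from math import isqrt


def cubic_discriminant(a, b, c):
    """Discriminant of x^3 + a*x^2 + b*x + c."""
    return a * a * b * b - 4 * b ** 3 - 4 * a ** 3 * c - 27 * c * c + 18 * a * b * c


def is_irreducible_monic_cubic(a, b, c):
    """A monic integer cubic is reducible over Q iff it has an integer root,
    and any such root divides the constant term c."""
    if c == 0:
        return False  # x divides the polynomial
    for d in range(1, abs(c) + 1):
        if c % d == 0:
            for root in (d, -d):
                if root ** 3 + a * root ** 2 + b * root + c == 0:
                    return False
    return True


def is_rational_square(value):
    """An integer is a square in Q exactly when it is a perfect square."""
    return value >= 0 and isqrt(value) ** 2 == value


def galois_group_of_cubic(a, b, c):
    """Return 'A3' or 'S3' for an irreducible x^3 + a*x^2 + b*x + c over Q."""
    if not is_irreducible_monic_cubic(a, b, c):
        raise ValueError("polynomial is reducible over Q; the test does not apply")
    return "A3" if is_rational_square(cubic_discriminant(a, b, c)) else "S3"


if __name__ == "__main__":
    # Constructed sample inputs (a, b, c).
    samples = {
        "x^3 - 3x + 1": (0, -3, 1),
        "x^3 + x^2 - 2x - 1": (1, -2, -1),
        "x^3 - 2": (0, 0, -2),
        "x^3 - x - 1": (0, -1, -1),
    }
    for label, coeffs in samples.items():
        print(label, cubic_discriminant(*coeffs), galois_group_of_cubic(*coeffs))
```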
Appendix 


Suppose a satisfies an irreducible polynomial g(t) of degree m over Q; then 1,a,...,a”—1 


form a basis for Q(a) over Q. Recall the matrix (b,;) defined by: 


B=an+apa+...+a1na"! 


Bor = a2, + a220 +... + dana”? 
—1 a 
Ba™~" = Omi + Om2a +... + Omma™ ; 


™ 
for 6 € Q(a). We define the trace of G, Tr(f), to be > b,;. Note that this definition is 
i=l 


independent of the choice of basis for Q(a) over Q. Observe also that Trgiayse(F + 7) = 
Tre(a)/@(8) + Tre(a)e(7). We are now ready to prove: 


Proposition 1.2: Let $\alpha$ be an algebraic integer satisfying $g(t)$, a monic irreducible 
polynomial over $Z$. Then the ring of algebraic integers of $Q(\alpha)$ is contained in $(1/d)Z[\alpha]$, 
where 

$$d \mid \mathrm{disc}(g(t)) = \prod_{i<j} (\alpha_i - \alpha_j)^2$$


proof: Let deg(g(t)) = m; then 1,a,...,a™~—? are a basis for Q(a) over Q. Furthermore 
l,a,...,a"—! are all algebraic integers. Assume f(z) = (tr — a)(z2™—! + By_az™—? + 
seb Bo) in Q(a)[z], and let w, = 7f&y for i = 0,...,.m—1, with Bm—1 = 1. We claim 
Tr(a*w,) = 5;. 


Let 


ma_(< f@__4 . 
na) =( Je)» j=0,....m—1. 


t=] 


We claim 01,...,Qm, are the roots of h,(z). Observe that 


f(z) = >) [[(@—). 


l=1 1k 
Then 


(as) = T] (as — a). 
I48 


Since Ze, Fatbray = 1, we are done. But this means that h,(a,;) = 0, for 1 = 1,...,m. 


Because h,(z) is a polynomial of degree less than m, it must be the case that h,(z) is 


identically zero. That is to say, 


m 2 . 
> f(z) = 7) for j = 0,...,.m—1. 
i=1" Os 


z—o; f(a) 
J 3 
That n( fe) 5) = x] follows immediately, since the polynomials JO hy 


are all conjugate, and the trace is additive. Then T(z" ) = 2) if i = j, and 0 


a 
fi{as) 


otherwise. Thus = ey”) = 653. 

Let d % 0 be such that d oe is an algebraic integer. Let y = ap + ai1a@+...+ 
Am—ia™— € Q(a) be integral over Q (i.e. satisfy an integer monic polynomial over Q.) 
Then d7ft,7 is integral over Q, as is Tr( dz) = da,. But da; € Q implies da, € Z. 
Therefore y € (1/d)Z(a). 


Since A; is an algebraic integer, d is a divisor of f’(a). Then 


f'(a) = ds Ite — a;) 
= IL (a — a;) since [La —a,;)=Ofor1A1 
tI iA 
= (9 Teas? 
i<j 


= (1) dise(9(t)). 


This completes the proof. ∎ 